Personal info of Canadian Armed Forces, RCMP stolen in cyberattack

The data of some Canadian government employees — including current and former members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel — was leaked during a cyberattack on the systems of a government contractor used for relocation services.

In October, the LockBit ransomware gang claimed it attacked SIRVA, a global company that offers employee relocation and moving services. The company’s website is still down as of November 20.

The Government of Canada has disclosed a data breach. #ransomware 1/2https://t.co/0GPykTvoHh pic.twitter.com/OQPwY42GVM

— Brett Callow (@BrettCallow) November 20, 2023

The Treasury Board of Canada Secretariat said in a statement on Friday that a cyberattack on the systems of SIRVA and a company it acquired last year, Brookfield Global Relocation Services (BGRS), exposed the sensitive information of an unknown number of employees who used relocation services as early as 1999.

The Canadian government has contracts with both companies and said it was notified on October 19 that information they held was leaked.

“Upon learning about this incident, the government took immediate action to investigate the breach,” they said, noting that the incident was reported to the Canadian Centre for Cyber Security, the Office of the Privacy Commissioner, and the Royal Canadian Mounted Police.

“At this time, given the significant volume of data being assessed, we cannot yet identify specific individuals impacted; however, preliminary information indicates that breached information could belong to anyone who has used relocation services as early as 1999 and may include any personal and financial information that employees provided to the companies.”

A spokesperson declined comment about how many people were affected.

The government of Canada said it is not waiting until the investigation is completed to provide assistance, offering credit monitoring and new passports to those affected. It pledged to reach out to those affected in the coming weeks with more information.

Officials are also meeting with representatives from both companies to “monitor progress on the issue” and said this “will continue until we have a full assessment of the breach and its impacts.” They are working with the companies to identify what vulnerabilities were used by the hackers to breach their systems.

The notice says those who think they may be affected should change login credentials used for SIRVA and monitor their financial accounts for any nefarious behavior.

The CBC reported in October that the Department of National Defence sent an internal notice out last month about the incident after several members of the armed forces complained about being unable to complete forms for their relocation due to the outages.

Internal documents cited by the CBC showed the company facilitates 20,000 federal moves each year.