Canadian government confirms data breach, says sensitive data may have been leaked

News
By Sead Fadilpašić
published

Canadian government contractors suffered a devastating data breach late last month

x
(Image credit: Shutterstock)

Two Canadian relocation firms were recently breached and sensitive data on their customers was stolen. One of the customers was the Canadian government, meaning personally identifiable data of government employees was exposed. 

A report from BleepingComputer claims Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services were the two firms that were affected.

 These two firms held government-related information on their servers, including data from the Royal Canadian Mounted Police, Canadian Armed Forces, and the Government of Canada. The data dates back to 1999.

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

LockBit claims responsibility

At press time, the type of the stolen data is unknown, as well as a more precise of affected individuals. The early conclusion is that whoever used the relocation services since 1999 has had both personal and financial data stolen. We do know that the Canadian government was made aware of the incident on October 19, after which it notified the police and other relevant organizations.

"The Government of Canada is not waiting for the outcomes of this analysis and is taking a proactive, precautionary approach to support those potentially affected," the organization said in a statement published late last week. "Services such as credit monitoring or reissuing valid passports that may have been compromised will be provided to current and former members of the public service, RCMP, and the Canadian Armed Forces who have relocated with BGRS or SIRVA Canada during the last 24 years.”

At the same time, the LockBit ransomware group took responsibility for the attack on SIRVA, saying it stole 1.5TB of sensitive information. The group added that negotiations failed. 

"Sirva.com says that all their information worth only $1m. We have over 1.5TB of documents leaked + 3 full backups of CRM for branches (eu, na and au)," BleepingComputer cited LockBit’s message on its dark web site.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.