Canada flag

The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees. 

These breaches occurred last month and impacted Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, both providers of relocation services to Canadian government employees. 

Government-related information stored on compromised BGRS and SIRVA Canada systems dates back to 1999, and it belongs to a broad spectrum of affected individuals, including members of the Royal Canadian Mounted Police (RCMP), Canadian Armed Forces personnel, and Government of Canada employees.

While the Canadian government has yet to attribute the incident, the LockBit ransomware gang has already claimed responsibility for breaching SIRVA's systems and leaked what they claim to be archives containing 1.5TB of stolen documents.

LockBit has also made public the contents of failed negotiations with alleged SIRVA representatives.

"Sirva.com says that all their information worth only $1m. We have over 1.5TB of documents leaked + 3 full backups of CRM for branches (eu, na and au)," the ransomware group says in an entry on its dark web data leak site.

Sirva on LockBit's leak site
Sirva on LockBit's leak site (BleepingComputer)

After being notified of the contractors' security breaches on October 19th, the government promptly reported the breach to relevant authorities, including the Canadian Centre for Cyber Security and the Office of the Privacy Commissioner.

While the analysis of the vast volume of compromised data continues, specific details regarding the impacted individuals, including the number of affected employees, remain undetermined. However, preliminary assessments suggest that those who used relocation services since 1999 may have had their personal and financial information exposed.

"The Government of Canada is not waiting for the outcomes of this analysis and is taking a proactive, precautionary approach to support those potentially affected," a statement published on Friday reads.

"Services such as credit monitoring or reissuing valid passports that may have been compromised will be provided to current and former members of the public service, RCMP, and the Canadian Armed Forces who have relocated with BGRS or SIRVA Canada during the last 24 years. 

"Additional details about the services that will be offered, and how to access them will be provided as soon as possible."

Individuals potentially affected by this data breach are urged to take precautionary measures, including updating login credentials, enabling multi-factor authentication, and monitoring online financial and personal accounts for unusual activity.

Those suspecting unauthorized access to their accounts must also contact their financial institution, local law enforcement, and the Canadian Anti-Fraud Centre (CAFC) immediately.

Related Articles:

Dairy giant Agropur says data breach exposed customer info

Infosys McCamish says LockBit stole data of 6 million people

23andMe data breach under investigation in UK and Canada

Los Angeles Unified School District investigates data theft claims

PandaBuy pays ransom to hacker only to get extorted again