The recent hacking of two Canadian government contractors has led to the exposure of sensitive information concerning government employees. The breaches affected relocation service providers BGRS and SIRVA Worldwide Relocation & Moving Services, both of which store government-related information dating back to 1999. This data belongs to various individuals, including members of the Royal Canadian Mounted Police (RCMP) and Canadian Armed Forces personnel.
The incident has been attributed to the LockBit ransomware gang, which has claimed responsibility for breaching SIRVA’s systems and leaking approximately 1.5TB of stolen documents. The ransomware group has even released the contents of failed negotiations with the alleged SIRVA representatives on its dark web data leak site. The situation has prompted the Canadian government to promptly report the breach to the relevant authorities, including the Canadian Centre for Cyber Security and the Office of the Privacy Commissioner.
Despite the ongoing analysis of the compromised data, there are still many unknowns, such as the number of affected employees and the specific details of impacted individuals. Preliminary assessments, however, suggest that anyone who used relocation services since 1999 may have had their personal and financial information exposed. As a proactive response, the government is offering services such as credit monitoring and reissuing valid passports to current and former members of the public service, RCMP, and the Canadian Armed Forces who have used BGRS or SIRVA Canada.
Individuals who may have been affected by this data breach have been advised to take precautionary measures, including updating login credentials, enabling multi-factor authentication, and monitoring online financial and personal accounts for unusual activity. Those who suspect unauthorized access to their accounts should contact their financial institution, local law enforcement, and the Canadian Anti-Fraud Centre (CAFC) immediately.
Overall, the Canadian government is making efforts to support those impacted by this breach by providing necessary services and guidance. This incident underscores the escalating threat of cybersecurity breaches and the importance of robust security measures to protect sensitive data. The government is committed to addressing the situation and ensuring the safety and security of affected individuals. The full extent of the breach and its consequences are still unfolding, and further details will be provided as the investigation progresses.