In September and October 2023, a significant data breach impacted the systems of BGRS and SIRVA Canada, affecting 480,000 Canadian government employees, including members of the Canadian Armed Forces and Royal Canadian Mounted Police. The breach exposed personal and financial information of individuals using relocation services provided by these companies. The Canadian government swiftly implemented measures to mitigate the damage, such as re-issuing passports and offering credit monitoring services to those affected.
The LockBit ransomware gang was responsible for the attack, exploiting vulnerabilities in the systems of BGRS and SIRVA to gain unauthorized access and exfiltrate 1.5TB of sensitive personal information. This data included passports, financial information, and other personal details of Canadian government employees. Although the exact methods used by the hackers remain unclear, the investigation is ongoing to determine the full extent of the breach and how it occurred.
In response to the breach, the Canadian government took immediate action, including investigating the incident and reporting it to relevant authorities. Affected individuals were provided with credit monitoring services and re-issued passports to protect them from potential misuse of their information. Additionally, the Canadian Centre for Cyber Security advised individuals to change their passwords and enable multi-factor authentication as precautionary measures.
The breach has raised concerns about the security of personal information within government-related services. While SIRVA’s specific enhanced security measures remain undisclosed, the incident underscores the importance of robust cybersecurity practices and the need for continuous monitoring and updating of security protocols to prevent similar breaches in the future. Individuals who believe they may be affected and have not received notification can check their credentials on platforms like HaveIBeenPwned.
Reference:
