The Canadian government is investigating what could be a major data breach at its foreign affairs department.
CBC News says there is an investigation into what it calls a prolonged data security breach on the internal network of Global Affairs Canada.
At least two internal hard drives, as well as emails, calendars and contacts of many staff members were affected, the news service says.
Some staff have been told they can’t work remotely because of the incident.
One government email to staff, seen by the CBC, says data of any staffer who connected remotely by virtual private network between December 30, 2023 and January 24th is at risk.
“Early results indicate there has been a data breach and that there has been unauthorized access to personal information of users, including employees,” Global Affairs said in a statement to IT World Canada.
“The Department is contacting those affected with mitigation measures to ensure that sensitive and personal information is secure. The incident has also been reported to Canada’s Office of the Privacy Commissioner.”
“An unplanned IT outage is currently affecting remote access to Global Affairs Canada (GAC)’s network in the country. The Department’s critical services and external communication channels remain accessible and operational. This partial outage was intentionally activated on January 24, 2024 to address the discovery of malicious cyber activity. Global Affairs Canada is working with IT partners, including Shared Services Canada and the Canadian Centre for Cyber Security (part of the Communications Security Establishment) to restore full connectivity as soon as possible.”
Shared Services Canada is responsible for consolidating and modernizing certain IT services across federal departments, including email, data centre, and network services.
On-site employee connectivity in government buildings is fully functioning, the Global Affairs statement said, allowing for normal computer/network access. “Employees working remotely in Canada have been provided with workarounds to ensure they remain operational. The Government of Canada deals with ongoing and persistent cyber risks and threats every day. Given its profile, Global Affairs Canada takes a proactive approach and employs a variety of security monitoring measures to detect and address potential risks. The Department is closely monitoring the situation and is conducting an investigation into the matter.
“We cannot comment further at the moment on any specific details for operational and security reasons.”
Global Affairs oversees the government’s foreign policy, and operates Canadian embassies and consulates around the world. Its minister is a member of the cabinet’s Global Affairs and Public Security committee, which not only deals with diplomatic and trade issues, but also threats and risks to the safety and security of the country.
Discovery of the incident comes almost exactly two years after Global Affairs revealed it had been compromised in a cyber attack. At that time, the Treasury Board of Canada Secretariat said the attack was detected on January 19, 2022.
According to The Hill Times, a department investigation after the attack concluded it was “very likely” Global Affairs would face another online threat that would have a “very high” impact.
David Shipley, head of New Brunswick’s Beauceron Security and co-chair of the Canadian Chamber of Commerce’s cyber council, said a key indicator of how serious this breach of security controls is will be how long the Global Affairs network is down. “The last time it happened, two years ago, they had a relatively quick recovery. If it’s a prolonged one [outage] then it’s a more significant compromise. That raises some interesting questions: Did they fully get them [the hackers] out [of the network] two years ago?”
The government needs to publicly explain this breach so other organizations can learn from the incident, he added.