Investigation Underway Following Major Cybersecurity Breach at Global Affairs Canada

Canadian officials are diligently investigating a significant data breach that has impacted Global Affairs Canada's internal network. This breach, identified due to suspicious cyber activities, has compromised at least two internal drives, along with the emails, calendars, and contact lists of numerous staff members.

Sources familiar with the situation, including affected employees, have revealed the breach's impact on their work routines. Some staff members have been instructed to halt remote work since the previous Wednesday.

Three internal emails addressed to Global Affairs staff have been obtained by CBC News, indicating ongoing forensic analysis to gauge the extent of the data breach. Early findings suggest a widespread impact on Global Affairs Canada (GAC) users.

The vulnerability period spanned from December 20, 2023, to January 24, 2024. Staff who connected remotely using SIGNET laptops during this timeframe may have had their data compromised. SIGNET, the Secure Integrated Global Network, is GAC's secure computer network, which includes both personal and classified information.

The breach lasted over a month, and the exact nature of the compromised information remains unclear, including whether any classified data was lost. The breach's origins are also unknown.

Shared Services Canada, responsible for government network services, and the Canadian Centre for Cyber Security, a division of Canada's cyber-security organization, are leading the investigation.

The breach was reported to the office of the Privacy Commissioner on January 26. The Commissioner's office is working closely with Global Affairs Canada to assess the breach's privacy risks and ensure appropriate response measures.

Global Affairs Canada, known for holding sensitive and classified information, is considered a high-risk target for cyber-attacks. Despite the use of encrypted systems for sensitive diplomatic communications, there is concern that drafts and some intelligence may have been stored on the compromised drives.

Employees have been advised on safeguarding sensitive information and monitoring financial accounts for any unauthorized activities. For now, certain Global Affairs employees in Canada with security clearance are restricted from remote work, though this is a temporary measure until the crisis is resolved.

In the past year, staff have occasionally been directed to change passwords or reboot software without additional context, indicating ongoing security concerns within the department.

Post a Comment