Third-Party Data Breach Affecting Canadian Government Could Involve Data From 1999

Connor Jones reports via The Register: The government of Canada has confirmed its data was accessed after two of its third-party service providers were attacked. The third parties both provided relocation services for public sector workers and the government is currently analyzing a "significant volume of data" which could date back to 1999. No formal conclusions have yet been made about the number of workers impacted due to the large-scale task of analyzing the relevant data. However, the servers impacted by the breach held data related to current and former Canadian government staff, members of the Canadian armed forces, and Royal Canadian Mounted Police workers -- aka Mounties.

"At this time, given the significant volume of data being assessed, we cannot yet identify specific individuals impacted; however, preliminary information indicates that breached information could belong to anyone who has used relocation services as early as 1999 and may include any personal and financial information that employees provided to the companies," a government statement read. Those who think they may be affected are advised to update any login details that may be similar to those used to access BGRS or Sirva's systems. Enabling MFA across all accounts that are used for online transactions is also advised, as is the manual monitoring of personal accounts for any potential malicious activity. Work is currently being carried out to identify and address any vulnerabilities that may have led to the incident, according to the statement.

Y2K Called, Wants Its Data Back

[Press2ToContinue]

In a stunning twist of nostalgia, Canada proves it's not just into vintage maple syrup and hockey tapes - they're bringing back the classic 1999 data breach! This is the kind of retro revival we didn't know we needed. Next, they'll tell us the breach was done on a Windows 98 machine, using Netscape Navigator, and the hacker was distracted by the 'Prince' song playing in the background. Let's hope their password wasn't 'password123'... or even better, 'eh123'. And for all those affected, maybe check your MyS

Re:

[tlhIngan]

It's not a breach that happened in 1999. It's a breach that involved data going back to 1999. And it's not a breach of the government, but a contractor of the government.

If it's just data involving relocations, this is significant, but it could be relatively minor - maybe it's just a list of addresses - where you were moving from, and where you are moving to. (I would not be surprised if moving itself was contracted out)

Or it could involve a lot more data if the move assistance also involves helping with ap

I wonder what the security threat level is

[Baron_Yam]

If you have all the relocation info for government and the Canadian Armed Forces, you learn a lot about it that might be useful... number, names, and locations of the people, for instance.

That's a good start for choosing targets to compromise.

Right now we have China and India operating on our soil like they own the place and getting pissy if we even mention it, and we have been an ancillary target of Russia's campaign to divide the US. Hell, what is almost certainly a Russian-funded operation sent a bunch

Enabling MFA ... is also advised

[DarkRookie2]

I will do this once:
1. It doesn't require the purchase of an expensive security key.
2. There is a standard that everyone is forced to use.

Still very annoying that I am being told to turn on MFA, when it is a total cluster fuck to manage.