Canada’s foreign affairs department investigates data breach

Global Affairs Canada (GAC), the foreign affairs department of the Canadian government, said it is investigating a data breach in its internal network.

“Early results [of the investigation] indicate there has been a data breach and that there has been unauthorized access to personal information of users, including employees. The department is contacting those affected with mitigation measures to ensure that sensitive and personal information is secure,” GAC told Global News.

The data breach affected the remote access to GAC’s network and several employees were asked to stop working remotely. As per CBC News, which viewed the emails sent to the employees, the data breach affected two internal drives, emails, calendars, and contacts of several staff members.

Another email sent to the staff members, according to CBC News, said the GAC’s internal systems were vulnerable between December 20, 2023, and January 24, 2024, and information of anyone using a Secure Integrated Global Network (SIGNET) laptop is possibly exposed. SIGNET is the secure network used by the GAC.

The data breach occurred because of the compromised Virtual Private Network (VPN), managed by the Federal Government’s Shared Services Canada, used by remote workers to access GAC’s headquarters. The scope of the data breach is as yet unclear.

“We continue to take several steps to protect employee’s personal information and safeguard our corporate networks following the discovery that Virtual Private Network (VPN) managed by Shared Services Canada (SSC) was compromised and used to access Global Affairs Canada (GAC) HQ VPN-related network traffic,” said the internal message to the staff, as reported by Global News. However, the GAC didn’t reveal the details of the threat actors responsible for carrying out the attack.

“Global Affairs Canada is working with IT partners, including Shared Services Canada and the Canadian Centre for Cyber Security (part of the Communications Security Establishment), to restore full connectivity as soon as possible,” said a statement issued by the Canadian Government.

GAC was a victim of a cyberattack in January 2022 as well, when its network was shut down for several days. At the time, it was believed, though not confirmed, that the Russia-backed malicious elements had carried out the attack because of Canada’s support to Ukraine in the ongoing war between Russia and Ukraine.

Increasingly, there has been a rise in the number of cyberattacks on government organizations. Government bodies, by their nature, have a vast amount of citizen data, making them vulnerable to cyberattacks. Last year, several US Government agencies were hit by a global cyberattack that exploited a vulnerability in MOVEit applications. Recently, Emsisoft revealed that the Russian ransomware group Clop claimed responsibility for the same. In addition, the UK government’s parliamentary committee’s report on A Hostage to Fortune: Ransomware and UK National Security had warned that it was at risk of a “catastrophic ransomware attack.”