Global Affairs Canada experienced a data security breach lasting for a month, impacting the email accounts of its staff, as reported by CBC News.
Canadian authorities are currently investigating a prolonged data security breach that has impacted the internal network utilized by staff at Global Affairs Canada. The breach, detected due to malicious cyber activity, has affected at least two internal drives, along with emails, calendars, and contacts of numerous staff members.
Multiple sources, including employees directly impacted, revealed that some were instructed to halt remote work as of last Wednesday. Internal emails viewed by CBC News indicate that forensic work is underway to understand the extent of the breach, with early results suggesting that a significant number of Global Affairs Canada users may have been affected.
The breach's vulnerability window occurred between December 20, 2023, and January 24, 2024, affecting the virtual private network (VPN) used by staff to access Global Affairs' Ottawa headquarters. The compromised VPN system was managed by Shared Services Canada, a federal department responsible for delivering email, data centers, and network services for various government departments.
Global Affairs Canada acknowledged the breach in a statement, attributing it to an "unplanned IT outage" initiated intentionally on January 24 to address the cyber activity discovery. The department confirmed unauthorized access to personal information, including employee data, and is actively investigating the matter while ensuring affected individuals' information remains secure.
While the statement assures that GAC buildings maintain full connectivity and remote employees in Canada have been provided with workarounds, the scope of the data breach remains unclear. The breached SIGNET network contains both personal and classified information, and it is uncertain whether any sensitive or classified data was compromised during the month-long breach.
The breach is currently under investigation by Shared Services Canada and the Canadian Centre for Cyber Security, a part of the Communications Security Establishment. The Privacy Commissioner's office was informed of the breach on January 26 and is working with Global Affairs Canada to assess privacy risks and ensure appropriate steps are taken, including notifying affected individuals.
Wesley Wark, a national security expert at the University of Ottawa, emphasized the severity of a breach lasting over a month, particularly for an organization like Global Affairs Canada, which holds classified and sensitive information. While diplomatic cables are sent using an encrypted system, some drafts of sensitive correspondence and intelligence may have been stored in the affected drives.
The email sent to staff recommends safeguarding sensitive information and monitoring financial accounts for unauthorized activity. In response to the breach, some Canada-based Global Affairs employees with security clearance are temporarily unable to work from home, with the department assuring that this is a temporary measure until the crisis is resolved.
In conclusion, Global Affairs Canada is grappling with the aftermath of a significant data breach, prompting investigations and security measures to mitigate the potential impact on personal and sensitive information.
