Authorities investigating massive security breach at Global Affairs Canada - Action News


Canadian authorities are investigating a prolonged data security breach following the "detection of malicious cyber activity" affecting the internal network used by Global Affairs Canada staff, according to internal department emails viewed by CBC News.

Internal emails describe a month-long security breach affecting 'many' government employees

Global Affairs Canada was hit by a month-long data security breach that affected staff email, CBC News has learned. (Tero Vesalainen/Shutterstock)


The breach affects at least two internal drives, as well as emails, calendars and contacts of many staff members.

CBC News spoke to multiple sources with knowledge of the situation, including employees who have received instructions on how the breach affects their ability to work. Some were told to stop working remotely as of last Wednesday.

CBC News has also seen three internal emails sent to Global Affairs staff.

"Forensic work has also progressed to help us understand the scope of the data breach," one email said. "The work is ongoing, but early results suggest that many (Global Affairs Canada) users may have been affected."

Another email said the internal systems were vulnerable between December 20, 2023 and January 24, 2024. It informed anyone who connected remotely using a SIGNET (Secure Integrated Global Network) laptop that their information may be vulnerable.

The "compromised" system was the virtual private network (VPN) staff use to access Global Affairs's Ottawa headquarters. The VPN system was managed by Shared Services Canada, the GAC notice said.

Shared Services Canada is a federal department created in 2011 to take over the delivery of email, data centres and network services for many government departments and agencies.

Global Affairs Canada confirms breach

In a statement issued Tuesday, Global Affairs Canada said an "unplanned IT outage" is affecting remote access to its network. The department said the partial outage was activated intentionally on Jan. 24 to "address the discovery of malicious cyber activity."

"Early results indicate there has been a data breach and that there has been unauthorized access to personal information of users including employees," the statement said, adding that the department is investigating the matter and contacting those affected to ensure their information is secure.

The statement also said connectivity in GAC buildings is fully functioning and that employees working remotely in Canada have been provided with workarounds.

"The department's critical services and external communication channels remain accessible and operational."

No word yet on scope of data breach

According to Global Affairs, SIGNET is the department's secure computer network. One part of the network holds personal information on shared drives, including employees' personal information. Another part holds classified information.

It's not clear whether secret information was lost in the breach, which lasted longer than a month. It's also not clear who was behind the breach.

Email traffic and files on personal and shared drives "may have been compromised," a GAC memo to staff said. GAC also said it's looking into whether "sensitive corporate information," such as credit cards and banking data, may have been breached.

Shared Services Canada and the Canadian Centre for Cyber Security, which is part of the Communications Security Establishment, Canada's cyber-security organization, are investigating the breach, GAC's email to staff said.

"Forensic work, including with these partners, is ongoing to help us understand the impact on our networks and any potential changes in the scope and in the time frame of the data breach," the GAC email to staff read.

The office of the Privacy Commissioner said Global Affairs Canada informed it of a data breach on Jan. 26.

"We are in ongoing communication with the department to gather more information," a spokesman said in a media statement. "Following a breach notification, our office will work with federal institutions to better understand privacy risks related to the breach and ensure that the department undertakes appropriate steps, including notification of affected individuals."

Global Affairs is a 'natural target'

"A breach of that duration is bound to be serious," said Wesley Wark, a national security expert at the University of Ottawa.

"Global Affairs Canada holds a lot of classified and sensitive information ... It is a natural target for hacking but it's also vulnerable and holds important data."

Although sensitive diplomatic cables are sent using an encrypted system, a source told CBC News that some drafts of sensitive correspondence and some intelligence may have been stored in the affected drives.

The Lester B. Pearson Building on Sussex Drive in Ottawa, headquarters of Global Affairs Canada. (CBC)

"We know this information may be unsettling for many of you," said the email sent to staff. "This is an evolving situation and further information and guidance will continue to be shared as quickly as possible."

The email offers suggestions on how to safeguard "sensitive information" and encourages employees to monitor financial accounts in case of unauthorized activity.

In the interim, some Canada-based Global Affairs employees with security clearance are not able to work from home.

"This is not a permanent change to the hybrid work model, just a temporary situation until this crisis passes," the email said.

A senior diplomatic source told CBC News that on several occasions in the past year, staff were told to immediately change passwords or reboot software but were not given any further details.

Global Affairs said it's working with Shared Services Canada and the Canadian Centre for Cyber Security, which is part of the Communications Security Establishment, to restore full connectivity "as soon as possible."

With files from Raffy Boudjikanian and Katie Simpson