According to an internal department email seen by CBC News, Canadian authorities have issued a long-term data privacy policy following the “detection of malicious cyber activity” affecting internal networks used by Global Affairs Canada staff. They say they are investigating a security breach.
The breach affects at least two internal drives, as well as the email, calendar, and contacts of many staff members.
CBC News spoke to several people familiar with the situation, including employees who received instructions on how the breach could affect their ability to work. Some people were told to stop working remotely as of last Wednesday.
CBC News also reviewed three internal emails sent to Global Affairs staff.
“Forensic work is also underway to understand the scope of the data breach,” one email said. “While work is ongoing, early results suggest that a number of (Global Affairs Canada) users may have been affected.”
Another email states that there was a vulnerability in internal systems between December 20, 2023 and January 24, 2024, using SIGNET (Secure Integrated Global Network) laptops. People who connected remotely were notified that their information could be vulnerable.
The “compromised” system was a virtual private network (VPN) used by staff to access Global Affairs’ Ottawa headquarters. GAC’s notice states that the VPN system was managed by Shared Services Canada.
Shared Services Canada is a federal department created in 2011 to take over the provision of email, data center, and network services to many government departments and agencies.
No word yet on the scope of the data breach
According to Global Affairs, SIGNET is the department’s secure computer network. Some networks store personal information, including employee personal information, on shared drives. Another part stores sensitive information.
It’s unclear whether any sensitive information was lost in the breach, which lasted more than a month. It is also not clear who was behind the breach.
A memo to GAC staff said email traffic and files on personal shared drives “may have been compromised.” GAC also said it was investigating whether “confidential corporate information” such as credit card and banking data may have been compromised.
According to an email to GAC staff, Canada’s Shared Services and the Canadian Cyber Security Center, part of the Communications Security Establishment, Canada’s cyber security organization, investigated the breach. It is said that it is.
“Forensic work, including collaboration with these partners, is underway to understand the impact on our networks and potential changes in the scope and duration of the data breach,” the email to GAC officials said. “it is written like this.
The Privacy Commissioner’s Office said it was notified of the data breach by Global Affairs Canada on January 26.
“We are in ongoing contact with the ministry to gather further information,” a spokesperson said in a media statement. “Upon receiving notification of the breach, our office is working with federal agencies to better understand the privacy risks associated with the breach and to ensure the department takes appropriate action, including notifying affected individuals. I will strive to do so.”
Shared Services Canada referred CBC’s request for comment to Global Affairs Canada. Global Affairs did not immediately respond to a request for comment.
International situation is a “natural target”
“Any violation beyond that period would have to be significant,” said Wesley Wolk, a national security expert at the University of Ottawa.
“Canada International Affairs Canada stores a lot of sensitive information… It’s a natural target for hacking, but it’s also vulnerable and stores sensitive data.”
Sensitive diplomatic cables are sent using an encryption system, and officials told CBC News that drafts of the sensitive communications and some of the information may have been stored on the affected drives. .
“We understand that this information may be disturbing to many of you,” the email sent to staff said. “This is an evolving situation and further information and guidance will continue to be shared as soon as possible.”
The email offers suggestions on how to protect “confidential information” and encourages employees to monitor financial accounts in case of fraudulent activity.
For the time being, some Global Affairs employees with security clearances based in Canada will not be able to work from home.
“This is not a permanent change to a hybrid work model, but only a temporary situation until this crisis passes,” the email said.
A senior diplomatic source told CBC News that employees were told several times over the past year to immediately change their passwords or restart the software, but were not given further details.