Global Affairs Data Breach: VPN Hacked for Over a Month

Global Affairs Canada is currently conducting an in-depth investigation into a substantial data breach resulting from a month-long compromise of its internal network.

This breach, disclosed in a series of employee memos starting January 26, exposed a significant amount of staff data, including emails, according to memos obtained by the National Post.

The breach began when one of the department’s Virtual Private Networks (VPNs), used by Canada-based workers to connect securely to the department’s Ottawa headquarters, was hacked. The breach, which likely started on December 20, was only discovered on January 24. That’s over a month during which a supposedly secure VPN carrying sensitive information back and forth was compromised.

Hackers seemingly accessed an unknown number of employees’ emails and data stored on personal and shared servers connected to the compromised VPN. An internal memo warned, “If you used a SIGNET laptop between December 20th, 2023, to January 24th, 2024, to connect remotely to HQ GAC servers, you may be vulnerable. Email traffic and files on your H (personal) and I (shared) drives may have been compromised.”

Global Affairs only publicly acknowledged the breach after the National Post inquired about the incident, which was identified five days earlier.

In a statement, GAC spokesperson Marilyne Guèvremont confirmed the breach was due to “malicious cyber activity,” indicating it was a criminal hack. “Early results indicate there has been a data breach and that there has been unauthorized access to personal information of users including employees,” Guèvremont stated.

However, Global Affairs Canada did not respond to questions regarding the delay in discovering the breach, the number of affected employees, and measures taken to secure compromised information.

The government, working with Shared Services Canada (SSC) and the Communications Security Establishment (CSE), admitted that the full scale and timeline of the breach are still unknown, with the possibility of uncovering more issues as the investigation progresses.

An internal memo read, “Forensic work … is ongoing to help us understand the impact on our networks and any potential changes in the scope and in the time frame of the data breach.” Yikes.

Upon discovering the breach, Global Affairs took down some internal systems, including the compromised VPN network. Employees were asked to reset passwords and encryption keys. “The Department’s critical services and external communication channels remain accessible and operational,” Guèvremont noted.

The Federal Privacy Commissioner was notified of the breach, as required for incidents posing a significant risk to individuals. The commissioner’s office confirmed its probe into the incident.

This incident marks the second significant cyber incident for Global Affairs in two years, following a multi-day shutdown in early 2022 caused by a foreign state actor.
