Global Affairs Canada impacted by ‘malicious’ security breach

Internal emails state the network may have been compromised for a month before being discovered

Global Affairs Canada (GAC) is investigating a data breach impacting its internal network.

According to an email the GAC sent to staff, the breach “compromised” one of the department’s Virtual Private Networks (VPN). Employees use this network to securely connect to GAC’s Ottawa headquarters.

The network was impacted between December 20, 2023, and January 24, 2024, when the department discovered the malicious activity, another email stated. Staff were informed that anyone who used a SIGNET (Secure Integrated Global Network) laptop to connect remotely might be affected.

The breach impacted two internal drives, along with the personal information of staff members, including emails, contact information, and calendars, multiple news outlets have reported.

The department activated an unplanned IT outage on January 24th, impacting remote access, “to address the discovery of malicious cyber activity,” GAC said in a statement,

“Early results indicate there has been a data breach and that there has been unauthorized access to personal information of users including employees. The Department is contacting those affected with mitigation measures to ensure that sensitive and personal information is secure. The incident has also been reported to Canada’s Office of the Privacy Commissioner.”

GAC said it’s working with IT partners, including Shared Services Canada and the Canadian Centre for Cyber Security, to restore access.

A cyberattack previously hit the department in January 2022.

Image credit: Shutterstock

Source: National Post, CBC News, Global News 

Related Articles