Pierluigi Paganini November 20, 2023

The Canadian government discloses a data breach after threat actors hacked two of its contractors. 

The Canadian government declared that two of its contractors,Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, have been hacked, resulting in the exposure of sensitive information belonging to an undisclosed number of government employees. 

Data belonging to current and former Government of Canada employees, members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel have been also exposed.

The Canadian government notifies relevant authorities, including the Canadian Centre for Cyber Security, the Office of the Privacy Commissioner, and the Royal Canadian Mounted Police.

“On October 19^th, 2023, Brookfield Global Relocation Services (BGRS) informed the Government of Canada of a breach involving Government of Canada information held by BGRS and SIRVA Canada systems.” reads the data breach notification published by the Canadian government. “At this time, given the significant volume of data being assessed, we cannot yet identify specific individuals impacted; however, preliminary information indicates that breached information could belong to anyone who has used relocation services as early as 1999 and may include any personal and financial information that employees provided to the companies.”

The government has yet to reveal the name of the reansomware group that breached the two companies.

Both contractors suffered a security breach in October. Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services provide relocation services to Canadian government employees. 

The LockBit ransomware gang has claimed responsibility for the attack on SIRVA, the group has stolen 1.5TB of data and already leaked it.

“Sirva.com says that all their information worth only $1m. We have over 1.5TB of documents leaked + 3 full backups of CRM for branches (eu, na and au) Sirva Worldwide, Inc. provides HR and mobility professionals with the resources, guidance, and support they need to achieve the best possible relocation for talent, and for the companies that move them.” reads the sattement published by Lockbit on its Tor leaksite that confirms the failure of a negotiation.

In response to the security breaches the Government of Canada is taking a proactive, precautionary approach. It is providing credit monitoring or reissuing valid passports to current and former members of the public service, RCMP, and the Canadian Armed Forces who have relocated with BGRS or SIRVA Canada during the last 24 years.

Below recommendations provided by the government to potentially impacted individuals:

• updating login credentials that may be similar to those used with BGRS or SIRVA Canada
• enabling multi-factor authentication on accounts that are used for online transactions
• monitoring financial and personal online accounts for any unusual activity

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Canadian government)