Canadian government discloses data breach after contractor hacks

Canada flag

The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees. 

These breaches occurred last month and impacted Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, both providers of relocation services to Canadian government employees. 

Government-related information stored on compromised BGRS and SIRVA Canada systems dates back to 1999, and it belongs to a broad spectrum of affected individuals, including members of the Royal Canadian Mounted Police (RCMP), Canadian Armed Forces personnel, and Government of Canada employees.

While the Canadian government has yet to attribute the incident, the LockBit ransomware gang has already claimed responsibility for breaching SIRVA’s systems and leaked what they claim to be archives containing 1.5TB of stolen documents.

LockBit has also made public the contents of failed negotiations with alleged SIRVA representatives.

“Sirva.com says that all their information worth only $1m. We have over 1.5TB of documents leaked + 3 full backups of CRM for branches (eu, na and au),” the ransomware group says in an entry on its dark web data leak site.

Sirva on LockBit's leak site
Sirva on LockBit’s leak site (BleepingComputer)

After being notified of the contractors’ security breaches on October 19th, the government promptly reported the breach to relevant authorities, including the Canadian Centre for Cyber Security and the Office of the Privacy Commissioner.

While the analysis of the vast volume of compromised data continues, specific details regarding the impacted individuals, including the number of affected employees, remain undetermined. However, preliminary assessments suggest that those who used relocation services since 1999 may have had their personal and financial information exposed.

“The Government of Canada is not waiting for the outcomes of this analysis and is taking a proactive, precautionary approach to support those potentially affected,” a statement published on Friday reads.

“Services such as credit monitoring or reissuing valid passports that may have been compromised will be provided to current and former members of the public service, RCMP, and the Canadian Armed Forces who have relocated with BGRS or SIRVA Canada during the last 24 years. 

“Additional details about the services that will be offered, and how to access them will be provided as soon as possible.”

Individuals potentially affected by this data breach are urged to take precautionary measures, including updating login credentials, enabling multi-factor authentication, and monitoring online financial and personal accounts for unusual activity.

Those suspecting unauthorized access to their accounts must also contact their financial institution, local law enforcement, and the Canadian Anti-Fraud Centre (CAFC) immediately.


Original Source



A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.