Global Affairs Canada (GAC), the foreign affairs department of the Canadian government, said it is investigating a data breach in its internal network.
“Early results [of the investigation] indicate there has been a data breach and that there has been unauthorized access to personal information of users, including employees. The department is contacting those affected with mitigation measures to ensure that sensitive and personal information is secure,” GAC told Global News.
The data breach affected the remote access to GAC’s network and several employees were asked to stop working remotely. As per CBC News, which viewed the emails sent to the employees, the data breach affected two internal drives, emails, calendars, and contacts of several staff members.
Another email sent to the staff members, according to CBC News, said the GAC’s internal systems were vulnerable between December 20, 2023, and January 24, 2024, and information of anyone using a Secure Integrated Global Network (SIGNET) laptop is possibly exposed. SIGNET is the secure network used by the GAC.
The data breach occurred because of the compromised Virtual Private Network (VPN), managed by the Federal Government’s Shared Services Canada, used by remote workers to access GAC’s headquarters. The scope of the data breach is as yet unclear.
“We continue to take several steps to protect employee’s personal information and safeguard our corporate networks following the discovery that Virtual Private Network (VPN) managed by Shared Services Canada (SSC) was compromised and used to access Global Affairs Canada (GAC) HQ VPN-related network traffic,” said the internal message to the staff, as reported by Global News. However, the GAC didn’t reveal the details of the threat actors responsible for carrying out the attack.
