Data Breach Impacts Canadian Foreign Affairs Department

Canada’s foreign affairs department is reeling from the impacts of a data breach that leaked the personal information of users and staff members.

Global Affairs Canada (GAC), the country’s foreign affairs department, activated its cyber incident response plan and launched an investigation after detecting a cyber intrusion by a malicious actor.

“Early results indicate there has been a data breach and that there has been unauthorized access to personal information of users, including employees,” said GAC spokesperson Marilyne Guèvremont. “The department is contacting those affected with mitigation measures to ensure that sensitive and personal information is secure.”

Canada’s foreign affairs department hacked via a vulnerable VPN

The Canadian foreign affairs department said the cyber attack stemmed from a compromised virtual private network (VPN) operated by the federal government’s Shared Services Canada (SSC). Created in 2011, the SSC manages the federal government’s IT services, including email, networks, and data centers.

Insiders disclosed that the data breach affected anybody connected to the GAC-operated Secure Integrated Global Network (SIGNET) between December 30, 2023, and January 24, 2024. It exposed the contents of two internal hard drives, emails, calendars, and contacts.

SIGNET is the foreign affairs department’s secure computer network that connects to the federal network. One part stores personal information, while another holds classified information.

The foreign affairs department took some systems offline, including the compromised VPN, and advised employees to change passwords and regenerate encryption keys, according to internal sources.

“An unplanned IT outage is currently affecting remote access to Global Affairs Canada (GAC)’s network in the country. The Department’s critical services and external communication channels remain accessible and operational,” GAC explained. “This partial outage was intentionally activated on January 24, 2024, to address the discovery of malicious cyber activity.”

However, employees working remotely in Canada were provided workarounds to remain productive while the Canadian government worked with IT partners to restore the impacted systems.

“Global Affairs Canada is working with IT partners, including Shared Services Canada and the Canadian Centre for Cyber Security (part of the Communications Security Establishment), to restore full connectivity as soon as possible.”

The GAC VPN hack coincides with the recently disclosed Ivanti Connect Secure (ICS) VPN zero-day vulnerabilities exploited by Chinese hackers in the wild. Whether the Global Affairs Canada data breach relates to the exploited ICS flaws remains a mystery.

Global Affairs Canada tight-lipped on a significant data breach

Canada’s foreign affairs department includes the Trade and Global Affairs ministries. The Global Affairs minister is also a member of the Public Security Committee, which analyzes various security risks and threats, thus making the data breach more concerning.

Canada’s Office of the Privacy Commissioner, which demands that organizations report cyber incidents posing “real risk of significant harm to individuals,” was notified of the GAC data breach.

The foreign affairs department has not disclosed the threat actor’s identity, their motive, the nature of the information accessed, or the number of victims. However, the incident bears the hallmarks of cyber espionage by an adversary such as China or Russia.

“We cannot comment further at the moment on any specific details for operational and security reasons,” the department said.

Nevertheless, Global Affairs Canada told its employees that ongoing forensic work would help to uncover the impact, extent, and length of the data breach, which seemingly lasted for at least a month.

“When we consider the nature and scope of the breach within Global Affairs Canada, it’s imperative to reflect on not just the immediate impact but the broader repercussions it spells for digital security paradigms within government entities,” said Javvad Malik, Lead Security Awareness Advocate at KnowBe4. “The breach, affecting internal drives, and crucially, personal information of employees, underscores a stark reality that many organizations face but few adequately prepare for.”

Cyber attacks targeting Canada’s foreign affairs department are common, with this marking the second major cyber incident in two years.

In January 2022, GAC suffered another multi-day disruption attributed to suspected Russian-backed hackers. The attack prompted Canada’s Communications Security Establishment to warn of “foreign cyber threat activities” targeting Canadian critical infrastructure.

According to GAC spokesperson Guèvremont, the department “deals with persistent cyber risks and threats every day.”