Canadian government confirms data breach, says sensitive data may have been leaked

 These two firms held government-related information on their servers, including data from the Royal Canadian Mounted Police, Canadian Armed Forces, and the Government of Canada. The data dates back to 1999.

LockBit claims responsibility

At press time, the type of the stolen data is unknown, as well as a more precise of affected individuals. The early conclusion is that whoever used the relocation services since 1999 has had both personal and financial data stolen. We do know that the Canadian government was made aware of the incident on October 19, after which it notified the police and other relevant organizations.

"The Government of Canada is not waiting for the outcomes of this analysis and is taking a proactive, precautionary approach to support those potentially affected," the organization said in a statement published late last week. "Services such as credit monitoring or reissuing valid passports that may have been compromised will be provided to current and former members of the public service, RCMP, and the Canadian Armed Forces who have relocated with BGRS or SIRVA Canada during the last 24 years.”

At the same time, the LockBit ransomware group took responsibility for the attack on SIRVA, saying it stole 1.5TB of sensitive information. The group added that negotiations failed. 

"Sirva.com says that all their information worth only $1m. We have over 1.5TB of documents leaked + 3 full backups of CRM for branches (eu, na and au)," BleepingComputer cited LockBit’s message on its dark web site.

More from TechRadar Pro

• A huge hoard of Boeing data leaked by LockBit ransomware
• Here's a list of the best firewalls today
• These are the best endpoint security tools right now