Internal government emails, obtained by The Canadian Press under the Access to Information Act, indicate that officials were unable to confirm the full extent of the information to which [the hackers] had access.
As a result, the Office of the Secretary to the Governor General wanted to offer credit monitoring services to employees concerned that personal information had been stolen.
All managers were encouraged to reflect on the information managed by their respective units and to express their concerns, according to the draft of a text written on November 17, 2021, which was to be sent to employees.
In the press release published on December 2, the Office of the Secretary to the Governor General revealed that its internal network had been the subject of unauthorized access. It added that it was working with the Canadian Centre for Cyber Security as part of the ongoing investigation to determine the nature and scope of this intrusion.
Little information on the extent of the attack
The Office also mentioned that it was working with experts and taking other steps to strengthen its network as needed. The Office of the Privacy Commissioner has also been notified of this unauthorized access.
Ciara Trudeau, a spokeswoman for the Office of the Secretary to the Governor General, says Rideau Hall employees and external partners have been made aware.
However, she declined to specify the exact extent of this attack, including the nature of the information to which the hackers had access, the method used or the reasons.
Ms. Trudeau also did not want to discuss the audit services offered to employees.
Internal emails indicate that several Privy Council Office officials were alerted to this cyberattack two weeks before it was made public.
Spokespersons for that office declined to comment.
A Communications Security Establishment (CSE) spokesman, Evan Koronewski, said the agency cannot provide details about the cyberattack.
What I can tell you is that we continue to work diligently with the Office of the Secretary to the Governor General to ensure that their systems are resilient and that the tools are in place to monitor, detect and investigate any new threat, he pointed out.
The CSE provides advocacy services to the Office of the Secretary in coordination with Shared Services Canada.
The database is increasingly attracting cybercriminals, says Chantal Bernier, a former acting privacy commissioner of Canada.
It’s risk-free, very inexpensive and very profitable, she says. Unfortunately, there are several states behind these hacks.
Ms. Bernier praised Rideau Hall for quickly alerting the CSE, assisting its employees and contacting the Office of the Privacy Commissioner, even though the Office of the Secretary to the Governor General is not subject to the Privacy Act.
According to her, this case highlights the need to extend the mandate of the commissioner’s office because of the imbalance created by the Internet between individuals and organizations who possess personal data.
It’s very complex and we cannot hold organizations accountable individually. It is above our heads, said Ms. Bernier. The magnitude of these vulnerabilities and their consequences are such that we need control strong enough to hold accountable all organizations that hold personal data.