We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Decades of Canadian Government Employee Data Stolen

Decades of Canadian Government Employee Data Stolen
Author Image Husain Parvez
Husain Parvez Published on 24th November 2023 Cybersecurity Researcher

In a significant cybersecurity incident, the Canadian government disclosed a data breach that exposed sensitive information of its employees, including members of the Canadian Armed Forces and the Royal Canadian Mounted Police. The breach, which dates back to 1999, involves two of its contractors: Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services.

The LockBit ransomware gang has claimed responsibility for the breach, particularly targeting SIRVA's systems. According to BleepingComputer, the group has leaked 1.5TB of stolen documents, including details of failed negotiations with SIRVA representatives. The breach first came to light on October 19th when the Canadian government reported the incident to the Canadian Centre for Cyber Security and the Office of the Privacy Commissioner.

In a statement, the Treasury Board of Canada Secretariat warned individuals who have used relocation services from BGRS or SIRVA Canada since 1999 that their data might have been compromised.

"At this time, given the significant volume of data being assessed, we cannot yet identify specific individuals impacted," the Treasury Board said. The Canadian government is currently working with BGRS and SIRVA to investigate the incident and ensure that vulnerabilities exploited in the attack have been addressed.

The Canadian government has used BGRS’s services since 1995, facilitating over 14,000 relocations of members of the Canadian Armed Forces per year. SIRVA Canada has been contracted with the government since at least 2009, according to government records. The two companies merged in August 2022, which might explain the breach's extensive impact.

In response to the breach, the government is offering services to all current and former employees who relocated with BGRS or SIRVA Canada over the last 24 years. These services include credit monitoring and reissuing of passports that may have been compromised. Additionally, officials have urged those potentially affected to update their login credentials, enable multi-factor authentication, and monitor their online accounts for unusual activity.

Sean McNee, VP of Research and Data at DomainTools, highlighted the challenges of securing information provided to third-party companies. "The modern interconnected supply chain within which large enterprises and governments operate creates opportunities for persistent threat actors, such as LockBit, to operate," McNee stated to SC Magazine.

McNee also suggested that citizens consider changing the answers to any security or account recovery questions for critical online accounts, as the leaked information might contain the 'correct' answers to such questions.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.