Canadian authorities are investigating a prolonged data security breach following the “detection of malicious cyber activity” affecting the internal network used by Global Affairs Canada staff, according to internal department emails seen by CBC News.
The breach affects at least two internal units, as well as the emails, calendars and contacts of many staff members.
CBC News spoke to multiple sources with knowledge of the situation, including employees who have been instructed on how the breach affects their ability to work. Some were told to stop working remotely starting last Wednesday.
CBC News also viewed three internal emails sent to Global Affairs staff.
“Forensic work has also advanced to help us understand the scope of the data breach,” one email said. “Work is ongoing, but early results suggest many (Global Affairs Canada) users may have been affected.”
Another email said that internal systems were vulnerable between December 20, 2023 and January 24, 2024. It informed anyone who connected remotely using a SIGNET (Secure Integrated Global Network) laptop that their information may be vulnerable.
It is unclear whether classified information was lost in the breach, which lasted more than a month.
Global Affairs is a ‘natural goal’
“A breach of that duration is bound to be serious,” said Wesley Wark, a national security expert at the University of Ottawa.
“Global Affairs Canada holds a lot of classified and sensitive information… It is a natural target for hacking, but it is also vulnerable and contains important data.”
Although confidential diplomatic cables are sent using an encrypted system, a source told CBC News that some drafts of confidential correspondence and some intelligence may have been stored in the affected units.
“We know this information may be disturbing to many of you,” the email sent to staff said. “This is an evolving situation and more information and guidance will continue to be shared as quickly as possible.”
The Lester B. Pearson Building on Sussex Drive in Ottawa, headquarters of Global Affairs Canada. (CBC)
The email offers suggestions on how to safeguard “sensitive information” and encourages employees to monitor financial accounts for unauthorized activity.
Meanwhile, some Canada-based Global Affairs employees with security clearance are unable to work from home.
“This is not a permanent change to the hybrid work model, just a temporary situation until this crisis passes,” the email said.
A senior diplomatic source told CBC News that on several occasions over the past year, staff were asked to immediately change passwords or restart software, but were not given further details.
Global Affairs Canada did not immediately respond to a request for comment.