Cyberattacks On BC Government Led To Breach Of Personal Information
Photo Credit: Maksim Shmeljov/Shutterstock via CBC
The BC government identified a series of sophisticated cyberattacking incidents on government networks, the first of which was detected on Apr. 10. Premier David Eby’s initial statement, which was released on May 8, said that further investigation was being done but there was no immediate evidence that any sensitive data was compromised.
Although few details about the cyberattack have been released, officials say that it could not have been a ransomware attack. According to CTV News, the attack seems to have been supported by a state or state-sponsored actor.
On June 3, Shannon Salter, the head of the BC Public Service, stated that 22 email inboxes were suspected of being accessed. The inboxes contained personal information of 19 government staff. In all but one case, the information accessed was employee personnel files.
In her update, Salter said that anybody who could have been impacted has been notified and has been provided with resources to combat the misuse of stolen information. However, Salter says no evidence has been found pointing to the abuse of the compromised information. It was also confirmed by Public Safety Minister Mike Farnwort that only public service workers were affected, and not Cabinet members.
“Our top priority has to be the integrity of that investigation and the security of our networks, but as we've done today, we will continue to provide updates as we are able, without compromising that investigation,” Farnworth said in an interview with CTV News. “After the conclusion of the incident, there will be a complete review of the incident and government's response to ensure that we capture any lessons that can be learned.”
David Shipley, a cybersecurity expert, told CTV News that it would cost a lot of money to recover from such an attack and that only China and Russia are able to achieve an infiltration of this level. He said that digital interference is one of the top priorities for “hostile nations” and governments of all levels should be investing in protection against cyberattacks.
On June 3, the federal government released a statement on cybersecurity to raise awareness of the threat posed to Canada by foreign countries and their allies. In the statement, they also identified several countries as threats to Canada but highlighted China.
“Certain foreign states — including the People’s Republic of China (PRC), Russia, Iran, and North Korea — are conducting wide-ranging and long-term campaigns to compromise government and private sector computer systems [...] The most extensive state-sponsored cyber threat activity against Canada stems from the PRC.”
According to Eby’s initial statement back in May, the BC government is now looking to implement "additional measures to safeguard data and information systems."
"I know the public will have many questions about these incidents, and we will be as transparent as we can without compromising the investigation. As this complex work proceeds, the government will provide British Columbians with updates and information as we are able."