A cyberattack supported by a foreign government infiltrated nearly two dozen B.C. government e-mail inboxes, gaining access to sensitive personal information on 19 public servants, according to an official update on the continuing investigation.
Solicitor-General and Public Safety Minister Mike Farnworth gave a brief update Monday in Vancouver, saying the “very sophisticated” cyberattack first detected by British Columbia in April does not appear to have targeted any members of the provincial cabinet. But he would not say which ministries were compromised. And he would not say which country investigators believe is behind the attack.
Mr. Farnworth did say that no sensitive government information is believed to have been taken, but personal information was accessed. He added that all the employees have been told of the hack and given free credit monitoring and help protecting their identities.
“I know this situation is concerning for many,” Mr. Farnworth said. “We have no indication that the general public’s information was accessed.”
The minister said B.C. has analyzed the vulnerabilities that allowed this attack to succeed and the province’s team of 76 cybersecurity professionals has improved the way it protects data and defends the government’s information systems.
Hours before Mr. Farnworth’s news conference, Shannon Salter, the head of the province’s public service, sent an e-mail updating employees on the investigation into the hack and informing the civil services that employee personnel files were targeted. She noted the attack also targeted a lone employee “who had family information in their inbox.”
The initial attack was detected on April 10 by the province’s cybersecurity team, which then notified experts at Microsoft Corp. and the Canadian Centre for Cyber Security, an arm of Canada’s national cryptologic agency, the Communications Security Establishment, that provides guidance, services and support to government on cybersecurity.
On April 29, government employees were asked to change their passwords to protect against the breach of security. Mr. Farnworth has said the two-week delay was based on guidance from the cybersecurity agency.
The breach is one of several recent cyberattacks in the province, including at the First Nations Health Authority and an attack that forced retailer London Drugs to shut down stores across Western Canada for more than a week.
On Monday, Mr. Farnworth’s federal counterpart Dominic LeBlanc issued a statement warning Canadians to be vigilant of cyberthreats to national security and efforts by foreign countries to interfere in domestic politics. The statement named Russia, Iran, North Korea and China as conducting “wide-ranging and long-term campaigns to compromise government and private sector computer systems.”
“These states obtain information that can be used to interfere with our political systems and our critical infrastructure, and can be used to threaten or harm people in Canada,” the statement said.
In 2022, B.C. allotted $50.8-million over eight years to strengthen cybersecurity measures and systems. Mr. Farnworth said one of the changes made since then allowed for the detection of the April attack.
Cybersecurity expert David Shipley said the investment isn’t nearly enough to confront the dangers posed to subnational governments by state-backed hackers. He said B.C. should be investing up to $100-million a year to help secure the digital infrastructure of public agencies such as hospitals and libraries.
Mr. Shipley, chief executive of Beauceron Security, a New Brunswick software and training company with clients around North America, said he doubted B.C. was the only entity targeted in this attack, but said B.C. might be the only jurisdiction to detect the intrusion so far.
“B.C. is the first one to really dig into it and see something,” said Mr. Shipley, who is also co-chair of the Canadian Chamber of Commerce’s cyber council.
He said totalitarian states such as China and Russia are keen to hoover up as much government information as possible from countries like Canada over a number of years and use these attacks to attempt to gain access to the wider directory housing the names and passwords of all a system’s users.
He said it’s still way too early to “say this is about 22 e-mail accounts.”
With a report from The Canadian Press
Mike Hager