Skip to content

RCMP investigating hack of spy watchdog network involving theft of files, agency says

Individuals affected by the theft of the database have been directly notified
26293241_web1_CPT10444453
A woman uses her computer keyboard to type while surfing the internet in North Vancouver, B.C., on December, 19, 2012. THE CANADIAN PRESS/Jonathan Hayward

The national spy watchdog says the RCMP is investigating a cybersecurity breach that resulted in the theft of files and the compromise of personal information.

The National Security and Intelligence Review Agency says that between March 9 and 19, a hacker gained access to an agency network that included a database with names, phone numbers, email addresses and scrambled versions of current and previous passwords.

The review agency examines federal security and intelligence activities to ensure they are lawful, reasonable and necessary and looks into public complaints about key national security agencies and activities.

RELATED: Suspected RCMP secrecy breach fallout upgraded to ‘severe’: documents

Individuals affected by the theft of the database have been directly notified, with a few exceptions, the review agency said in a notice posted on its website.

The network in question also included a variety of documents created by the review agency’s corporate, review and legal directorates, as well as personal information related to the agency’s employees and other individuals.

These records included email correspondence with other federal employees, academics, civil society groups, the media and Access to Information requesters, along with complaint allegations submitted by the public for investigation by the agency.

The federal Centre for Cyber Security examined the review agency’s information technology systems after the breach and found no evidence suggesting the hacker improperly accessed or stole this other information.

However, the review agency said it “cannot fully exclude the possibility.”

“We very much regret the impact of this cyber incident.”

The agency, which first acknowledged the breach in a brief April statement, said the incident did not affect its classified systems.

RELATED: Feds’ unheralded $102B rainy day fund kept for the improbable, like cyberattacks

Upon discovery of the digital intrusion in March, the review agency worked with Shared Services Canada and the Cyber Centre “to contain the breach and restore the integrity of its systems,” the agency said.

Acting on a recommendation from the Cyber Centre, the review agency permanently shut down the infiltrated network and related infrastructure. “We also reported the matter to the RCMP, who are conducting a law enforcement investigation into the cyber incident.”

The review agency has also reported the breach to the federal privacy commissioner and the Treasury Board Secretariat.

The privacy commissioner has since begun its own investigation, which is ongoing, spokeswoman Tobi Cohen said Thursday.

The RCMP had no immediate comment.

The review agency says former employees or contractors who have not been notified about the breach should contact the agency at privacy-vieprivee@nsira-ossnr.gc.ca for further information.

Jim Bronskill, The Canadian Press