Connect with us

Hi, what are you looking for?


Data Breaches

Canadian Military, Police Impacted by Data Breach at Moving Companies

Data breach at moving companies impacts Canadian government employees, and military and police personnel.

The Canadian government has announced that information pertaining to its employees and to military and police personnel was exposed in a data breach at third-party services providers.

The incident involved Brookfield Global Relocation Services (BGRS) and Sirva Canada, two moving and relocation services firms contracted by the Canadian government to provide relocation support to employees.

The government learned of the data breach on October 19, immediately launched an investigation into the matter, and informed the Centre for Cyber Security, the Office of the Privacy Commissioner, and the Royal Canadian Mounted Police.

According to the Canadian government, the data breach impacts the personal information of present and former public service employees, as well as members of the Canadian Armed Forces and Royal Canadian Mounted Police.

“Preliminary information indicates that breached information could belong to anyone who has used relocation services as early as 1999 and may include any personal and financial information that employees provided to the companies,” the government says in an incident notification.

No specific number of affected individuals has been provided yet, and the government says it has yet to identify who was impacted.

Prior to concluding the investigation into the incident, however, potentially impacted individuals are being offered credit monitoring services and the option to be reissued valid passports that might have been compromised.

Individuals who have relocated with the impacted mobility firms during the last 24 years have been advised to change login credentials similar to those used with BGRS or Sirva Canada, enable multi-factor authentication, and monitor their accounts for unusual activity.

Advertisement. Scroll to continue reading.

“This is an evolving situation and further information will be shared as it becomes available. Current and former employees who have questions should contact their departmental privacy teams,” the Canadian government notes.

While the Canadian government did not share specific details on the cyberattack, the LockBit ransomware gang has already claimed responsibility for it, publishing on its leak site data allegedly stolen from Sirva Canada.

The cybercrime group has made public over 1.5 terabytes of data after negotiations with Sirva allegedly failed.

Related: Yamaha Motor Confirms Data Breach Following Ransomware Attack

Related: US Organizations Paid $91 Million to LockBit Ransomware Gang

Related: US Government Warns Organizations of LockBit 3.0 Ransomware Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.


Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.