Ottawa now says the data theft at companies that handle moving arrangements of federal staff includes that of members of the Canadian Armed Forces, current and former federal employees, and Royal Canadian Mounted Police personnel for the past 24 years.
The Treasury Board statement says the data was held by both BGRS and SIRVA Canada IT systems. The government has contracts with BGRS and SIRVA Canada to provide relocation support to employees, the statement says. It adds that the data theft has been reported to the Canadian Centre for Cyber Security, the Office of the Privacy Commissioner, and the Royal Canadian Mounted Police.
The statement says the government “is meeting with BGRS and SIRVA Canada on a regular basis to monitor progress on the issue. This will continue until we have a full assessment of the breach and its impacts.”
In the meantime, Ottawa advises any federal employee who used BGRS and SIRVA Canada since 1999 to:
- update login credentials they use for any email, website or social media that may be similar to ones they created for BGRS or SIRVA Canada;
- enable multi-factor authentication on accounts that are used for any online transactions;
- monitor their financial and personal online accounts for any unusual activity.
Rather than wait for a complete list of victims, Ottawa says credit monitoring or reissuing valid passports that may have been compromised will be provided to current and former members of the public service, RCMP, and the Canadian Armed Forces who have relocated with BGRS or SIRVA Canada during the last 24 years.