OTTAWA — The national spy watchdog says the RCMP is investigating a cybersecurity breach that resulted in the theft of files and the compromise of personal information.
The review agency examines federal security and intelligence activities to ensure they are lawful, reasonable and necessary, and looks into public complaints about key national security agencies and activities.
Individuals affected by the theft of the database have been directly notified, with a few exceptions, the review agency said in a notice posted on its website.
The network in question also included a variety of documents created by the review agency's corporate, review and legal directorates, as well as personal information related to the agency's employees and other individuals.
These records included email correspondence with other federal employees, academics, civil society groups, the media and Access to Information requesters, along with complaint allegations submitted by the public for investigation by the agency.
The federal
However, the review agency said it "cannot fully exclude the possibility."
"We very much regret the impact of this cyber incident."
The agency, which first acknowledged the breach in a brief April statement, said the incident did not affect its classified systems.
Upon discovery of the digital intrusion in March, the review agency worked with Shared Services Canada and the Cyber Centre "to contain the breach and restore the integrity of its systems," the agency said.
Acting on a recommendation from the Cyber Centre, the review agency permanently shut down the infiltrated network and related infrastructure. "We also reported the matter to the RCMP, who are conducting a law enforcement investigation into the cyber incident."
The review agency has also reported the breach to the federal privacy commissioner and the Treasury Board Secretariat.
The privacy commissioner has since begun its own investigation, which is ongoing, spokeswoman
The RCMP had no immediate comment.
The review agency says former employees or contractors who have not been notified about the breach should contact the agency at privacy-vieprivee@nsira-ossnr.gc.ca for further information.
This report by
© 2021 The Canadian Press. All rights reserved., source