A recent series of cyberattacks by state hackers on British Columbia government networks may have compromised the personal information of government employees, authorities said.
Shannon Salter, head of the B.C. Public Service, provided an update on Monday on a recent cyber investigation. She disclosed that hackers who attacked government networks in April “may have” accessed 22 email inboxes of provincial employees. Among these, a few inboxes contained sensitive personal information on 19 individuals, primarily consisting of employee personnel files.
Salter confirmed that individuals potentially impacted by the breach have been notified. As a precaution, they will be offered credit monitoring and identity protection services. Despite the potential access, there has been no identified misuse of the information or evidence indicating that specific files were accessed by the threat actor.
The investigation so far has not found that hackers accessed any sensitive information collected by the government in the delivery of public services. Additionally, officials clarified that the cyberattack was not a ransomware attack and appears to have been carried out by a state or state-sponsored actor.
Public Safety Minister Mike Farnworth reiterated Salter’s comments and told reporters in a press briefing:
“At this time, we have no indication that the general public’s information was accessed.”
Farnworth did not reveal which ministry employees’ emails were accessed by the hackers but said no cabinet members were affected as “these were [only] employee files.”
British Columbia Cyberattacks Timeline
Initial Detection and Investigation
– April 10: The B.C. government detected a potential cyberattack.
– April 11: Government security experts confirmed the cyberattack after initiating an investigation.
Federal Involvement and Expert Consultation
– The incident was reported to the Canadian Centre for Cyber Security, which then engaged Microsoft’s Diagnostics and Recovery Toolset (DaRT) due to the attack’s sophistication.
– April 17: Premier David Eby was briefed on the cyberattack.
Continued Threat and Security Measures
– April 29: Evidence of another hacking attempt by the same “threat actor” was discovered.
– On the same day, provincial employees were instructed to immediately change their passwords to 14 characters. The Office of the Chief Information Officer (OCIO) described this as part of routine security updates, though it was likely linked to the cyberattack.
Third Attempt and Final Disclosure
– May 6: Another cyberattack was identified, with the same threat actor responsible for all three incidents.
– May 8: After briefing the B.C. NDP cabinet, the cybersecurity centre concurred that the public could be notified, leading to the eventual public announcement of the cyberattacks.
The cyberattacks were not disclosed to the public until late evening on May 8, and were eventually announced during an ice hockey game, leading to accusations from B.C. United MLAs that the government was trying to conceal the attack.
Opposition MLA Todd Stone questioned the delay in public disclosure, asking, “How much sensitive personal information was compromised, and why did the premier wait eight days to issue a discreet statement during a Canucks game to disclose this very serious breach to British Columbians?”
Salter explained, at the time, that the cybersecurity centre advised against immediate public disclosure to prevent other hackers from exploiting vulnerabilities in government networks.
Throughout these incidents, the government emphasized that the ongoing nature of the investigation required careful management of information to ensure system security and prevent further exploits.
Is Beijing Involved?
Although the sophistication of this hacking campaign made clear that it is likely the work of state or state-sponsored hackers, authorities have remained tight-lipped and have not attributed these cyberattacks to any particular country.
The latest updates in the B.C. cyberattack, however, came on the same day that the Canadian Centre for Cyber Security warned of China’s increased targeting of Canadian citizens and organizations through the scale and scope of its cyber operations.
The Cyber Centre said China’s cyber operations surpass other nation-state cyber threats in terms of volume, sophistication, and breadth of targeting. China’s cyber threat actors have targeted a wide range of sectors in Canada, including all levels of government, critical infrastructure, and the Canadian research and development sector.
The Cyber Centre said government networks have been compromised multiple times by Chinese actors, who still frequently attempt reconnaissance against these networks. Government entities at all levels, including federal, provincial, territorial, municipal, and Indigenous, are the prime targets of Chinese actors and thus should be aware of the espionage risk.