Skip to main content

The national spy watchdog says the RCMP is investigating a cybersecurity breach that resulted in the theft of files and the compromise of personal information.

The National Security and Intelligence Review Agency says that between March 9 and 19, a hacker gained access to an agency network that included a database with names, phone numbers, e-mail addresses and scrambled versions of current and previous passwords.

The review agency examines federal security and intelligence activities to ensure they are lawful, reasonable and necessary, and looks into public complaints about key national security agencies and activities.

Individuals affected by the theft of the database have been directly notified, with a few exceptions, the review agency said in a notice posted on its website.

The network in question also included a variety of documents created by the review agency’s corporate, review and legal directorates, as well as personal information related to the agency’s employees and other individuals.

These records included e-mail correspondence with other federal employees, academics, civil society groups, the media and Access to Information requesters, along with complaint allegations submitted by the public for investigation by the agency.

The federal Centre for Cyber Security examined the review agency’s information technology systems after the breach and found no evidence suggesting the hacker improperly accessed or stole this other information.

However, the review agency said it “cannot fully exclude the possibility.”

“We very much regret the impact of this cyber incident.”

The agency, which first acknowledged the breach in a brief April statement, said the incident did not affect its classified systems.

Upon discovery of the digital intrusion in March, the review agency worked with Shared Services Canada and the Cyber Centre “to contain the breach and restore the integrity of its systems,” the agency said.

Acting on a recommendation from the Cyber Centre, the review agency permanently shut down the infiltrated network and related infrastructure. “We also reported the matter to the RCMP, who are conducting a law enforcement investigation into the cyber incident.”

The review agency has also reported the breach to the federal Privacy Commissioner and the Treasury Board Secretariat.

Neither the RCMP nor the Privacy Commissioner’s office had immediate comment Thursday.

The review agency says former employees or contractors who have not been notified about the breach should contact the agency here for further information.

Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.

Report an error