OTTAWA – Hackers who targeted Canada’s National Research Council infiltrated a system containing personal information, the federal privacy czar says.
The privacy commissioner’s office said Thursday it was first informed of the breach on July 23 and further briefed on Monday – at which point the exposure of personal data was confirmed.
The attack appears to be a serious security issue, but the full extent of the impact has yet to be determined, said Tobi Cohen, a spokeswoman for the commissioner’s office.
“We are following developments very closely due to the potential implication for personal information,” Cohen said. “We intend to continue communicating with the NRC to ensure we remain informed of any relevant privacy issues and to determine next steps.”
The federal government revealed Tuesday that the council’s networks were the target of a cyberattack, resulting in the shutdown of the key research agency’s IT system for an extended period.
Canada has squarely blamed the intrusion on a highly sophisticated Chinese state-sponsored actor, but Beijing has denied involvement, accusing Canada of making irresponsible accusations.
“The Chinese government consistently opposes criminal activities of all forms aimed at sabotaging the Internet and computer networks,” China’s foreign ministry said Thursday in a statement on its website.
“It is irresponsible for the Canadian side to make groundless accusations against China when there is no credible evidence. We are strongly opposed to that. We urge the Canadian side to correct their mistakes, stop making baseless accusations and redress the negative impacts incurred by their statement.”
Prime Minister Stephen Harper said this week there is “no doubt” China initiated the digital assault.
Canada must stand up to Beijing over such attacks, said Liberal public safety critic Wayne Easter, a former solicitor general who once oversaw Canada’s main spy agency.
“We have a long-term relationship with China, and our relationship – both from a commercial and a trade point of view – is important. But we’re in a technological world where our efforts to do the right thing on our own side to protect our interests has to happen.”
NDP defence critic Jack Harris said he has no problem with Canada pointing a finger at Beijing “if they have the proof that the Chinese actually did it.”
In the face of denials, Canada should seek assurances that state-sponsored hacking is not taking place if the Chinese “want to be good neighbours,” Harris added.
In an October 2012 report, the federal auditor general said the Conservative government had been slow to mount an effective response to the expanding threat of cyberattacks on vital systems.
In his report, Michael Ferguson revealed the government had made only limited progress in shoring up crucial computer networks and had lagged in building partnerships with other players.
Assaults that crippled computers at the Finance Department and Treasury Board in January 2011 have been linked to efforts – possibly originating in China – to gather data on the potential takeover of a Canadian potash company.
Following the auditor’s report, the government spelled out plans to implement various recommendations.
Almost two years later, Harris says there’s reason to believe Canada isn’t doing enough.
“If they have a plan, it clearly isn’t working yet. And we want to know what it is they’re going to do to make sure it works,” he said.
“The question is prevention, and not discovering that someone’s robbed your house.”
© The Canadian Press, 2014