#CyberFLASH: Federal government stayed silent on cyberattack, documents show

cra-passwords-security_211076204-e1402005190177OTTAWA — The federal government knew it had been the target of a cyber attack last year but stayed silent for several days as it developed a comprehensive communications plan, internal documents show.

The documents, including a “Communications Approach” dated July 25, 2014, show the National Research Council was aware it had been hacked at least days before telling employees and client companies that their information was vulnerable.

The attack was eventually revealed by news organizations on July 28 and later confirmed by federal officials, who said the research agency was targeted by a “highly sophisticated Chinese state-sponsored actor.”

After the hack hit headlines, NRC management warned employees away from sharing sensitive information over email, using removable storage devices like USBs, and connecting to the agency’s network at home.

On July 29 at 10 a.m., the agency’s senior management started calling businesses that partner with the NRC to assure them the agency was doing everything they could to protect their confidential information, according to the documents. That disclosure came six days after NRC management sent an email to the federal privacy watchdog’s office, asking about the agency’s obligation to share information about the cyberattack with employees and clients.

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.