• Thanks for stopping by. Logging in to a registered account will remove all generic ads. Please reach out with any questions or concerns.

BGRS Hacked

Ludoc

Ludoc

Member
Reaction score
37
Points
430
It looks like the reason the BGRS website has been down is it was hacked.

https://www.cbc.ca/news/politics/military-relocation-hacked-bgrs-1.7003766

The government confirms a data spill of personal info:
[GoC] confirmed that unauthorized access was obtained to Government of Canada (GC) personnel information held by BGRS and as such we are providing notification of this incident
Click to expand...

It also told members to monitor "their financial and personal online accounts for any unusual activity."
Click to expand...
 
Ludoc said:
It looks like the reason the BGRS website has been down is it was hacked.

https://www.cbc.ca/news/politics/military-relocation-hacked-bgrs-1.7003766

The government confirms a data spill of personal info:
Click to expand...

Hold Fire Sale GIF
 
At this point I’d rather get the cash cost of my next move, be it posting or final retirement, and let me manage myself under the relocation policy.
 
Because of course there's a Bruce Schneier quote. Discussing a different issue, but highly applicable here:

"If researchers don’t go public, things don’t get fixed," said Bruce Schneier, a security expert who has written several books on the subject. "Companies don't see it as a security problem; they see it as a PR problem. And if there's no PR problem, it'll never be a priority.”
Click to expand...

www.huffpost.com

After Apple Punishes Researcher, A Complex Relationship Is Tested

After Apple Punishes Researcher, A Complex Relationship Is Tested
www.huffpost.com www.huffpost.com
 
Good news! According to Forbes magazine earlier this year, Sirva was one of the most cybersecure companies in America!

www.forbes.com

America's Most Cybersecure Companies 2023

To identify the companies doing the most to thwart attacks in this perilous terrain, Forbes has created its newest list, America’s Most Cybersecure Companies. In partnership with the research company SecurityScorecard, the rankings highlight the top 200 U.S.-based companies whose website...
www.forbes.com www.forbes.com

www.forbes.com

SIRVA | Company Overview & News

Sirva, 81% owned by a Clayton, Dublier & Rice-managed fund, is one of the industry's largest global relocation and moving services and logistics company.
www.forbes.com www.forbes.com
 
Companies should never pay. Have their backups, scrub the systems and restore. If everyone said screw you then this crap would stop.
 
Backups cost money. Probably less than $15M but they took a risk and now get to live with the results.
 
Frankly if it were merely a "we encrypted your data" hack it would be borderline tolerable. The exfiltration of 1.5 TB of data before the encryption is where everyone in the SIRVA ITSEC organization failed.
 
Weird I don't recall seeing any emails about this on DWAN. I do see one about Cyber Security Awareness week...
 
Emails hit last Friday just after 4 p.m. over DWAN and D365. Also, there have been many attempts at a thread start on /r/CanadianForces to be quashed by that mod team (not sure what motivation there is, people are very concerned), and I think this caused /r/CAF rogue sub to take off a bit (membership increased 5x this week, only still a few hundred). The screenshot of the /r/CAF post sums it up, one update on that is the data is now linked out as six *.tgz files on LockBit's TOR site (last update flag they have is 05:15 UTC 26 October 2023, so it went public minutes ago).
 

Attachments

  • image_2023-10-26_012645839.png
    image_2023-10-26_012645839.png
    41.7 KB · Views: 15
donaldk said:
Emails hit last Friday just after 4 p.m. over DWAN and D365. Also, there have been many attempts at a thread start on /r/CanadianForces to be quashed by that mod team (not sure what motivation there is, people are very concerned), and I think this caused /r/CAF rogue sub to take off a bit (membership increased 5x this week, only still a few hundred). The screenshot of the /r/CAF post sums it up, one update on that is the data is now linked out as six *.tgz files on LockBit's TOR site (last update flag they have is 05:15 UTC 26 October 2023, so it went public minutes ago).
Click to expand...
The r/CanadianForces sub has quashed many threads on various topics for reasons. It’s ironic since a lot of those people got there due to complaints that this site was being toxic.

But yes, r/CAF is a bit of a reaction to the other sub. I pretty much only go to r/CanadianForces for the SCS now, which I still find hilarious.
 
TBS dropped a message yesterday.

Message to current and former public service employees and members of the Canadian Armed Forces and Royal Canadian Mounted Police - Canada.ca

Message to current and former public service employees and members of the Canadian Armed Forces and Royal Canadian Mounted Police
www.canada.ca www.canada.ca

"...preliminary information indicates that breached information could belong to anyone who has used relocation services as early as 1999 and may include any personal and financial information that employees provided to the companies."
 
You must log in or register to reply here.

Similar threads

daftandbarmy
2023 Layoff Tracker: Latest Meta Cuts Could Hit 4,000
2
Replies
31
Views
22K
mariomike
mariomike
daftandbarmy
21 runners die in extreme weather at China ultramarathon
Replies
1
Views
7K
Colin Parkinson
Colin Parkinson
daftandbarmy
‘Defence’ doesn’t fit the job of Canada’s military any more. Let’s create a Department of National Safety instead
2 3
Replies
46
Views
72K
foresterab
F
daftandbarmy
    • Like
The Management Myth
Replies
11
Views
14K
Brad Sallows
Brad Sallows
dimsum
MND Mandate Letter 2021
2
Replies
25
Views
34K
FJAG
FJAG
Back
Top