‘It was a very sophisticated attempt’
British Columbia’s public safety minister says police probing bid to breach government systems
Police are involved in the investigation into a sophisticated attempt to breach protected British Columbia government information systems, Solicitor General Mike Farnworth said Thursday.
But Farnworth, who is also B.C.’s public safety minister, said there was no evidence the cyberattack succeeded in accessing the information and there had been no ransom demand.
“I can tell you at this time there is no evidence of any sensitive information, such as health records for example, either being accessed or compromised,” he said at the legislature. “I can confirm that this has not been a ransomware incident.”
The Canadian Centre for Cyber Security and other agencies including police are involved in the investigation, Farnworth said of the incident that was announced late Wednesday by Premier David Eby.
The Canadian Centre for Cyber Security is part of Canada’s national cryptological agency, the Communications Security Establishment, providing guidance, services and support to government on cybersecurity.
“It was a very sophisticated attempt and we’ve been told by the experts that the money that was spent in 2022 in terms of upgrades to the system, had that not taken place, we would not even know the attempt was happening,” Farnworth said.
The government cyberattack comes amid other incidents in B.C. in recent weeks. Hackers targeted B.C. libraries and demanded a ransom to not release user information last month, while retailer London Drugs was forced to shut its stores in Western Canada for more than a week after a cybersecurity incident.
Farnworth said Thursday the government learned of its own incident “recently,” but would not say precisely when.
He acknowledged that B.C.’s Office of the Chief Information Officer sent a memo last week directing government employees to change their passwords. Farnworth said passwords were changed routinely, but “when something like this happens, passwords obviously get changed.”
Todd Stone, Opposition BC United house leader, connected the password directive to the attack and asked why the government waited eight days to share details with the public.
Farnworth said cybersecurity experts advised that the priority was protecting the system and its information before going public, something that could potentially increase vulnerability to attacks.
He said the government has no information about who may be responsible.
The government cyberattack comes amid other incidents in B.C. in recent weeks