Cyber Incident Victim: Government of British Columbia
Date:
May 2024
Location:
Canada
Summary
The B.C. government experienced sophisticated cybersecurity incidents targeting its networks, prompting collaboration with the Canadian Centre for Cyber Security and other agencies to assess potential impacts. While no evidence of compromised sensitive data was found, the investigation remains ongoing to determine the scope of unauthorized access. As a precaution, all provincial employees were directed to immediately change passwords to longer 14-character credentials, initially described as routine security maintenance but later linked to the incidents. The Office of the Information and Privacy Commissioner was notified, and officials committed to limited transparency to avoid hindering the probe. Preliminary findings indicated no connection to unrelated cyberattacks against provincial libraries or a regional retailer occurring around the same time.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The B.C. provincial government identified sophisticated cybersecurity incidents affecting its networks in late April or early May 2024, prompting a directive early last week for all employees to immediately change their passwords from 10 to 14 characters. The Office of the Chief Information Officer initially characterized this password update as routine preventive maintenance to safeguard data and systems. On May 1, Premier David Eby confirmed these measures were linked to active cybersecurity incidents, revealing the government had engaged the Canadian Centre for Cyber Security and other agencies to assess the breach scope. Investigations remained ongoing with no evidence yet confirming compromise of sensitive information or data exfiltration. The Office of the Information and Privacy Commissioner received formal notification of the incidents as part of disclosure protocols.
Government networks underwent heightened security scrutiny following the discovery, with Deputy Minister Shannon Salter emailing staff late on May 1 to reiterate password changes and urge compliance with future security directives. Authorities publicly stated transparency would be prioritized where possible without impeding the investigation, committing to provide updates as findings emerged. Preliminary assessments indicated no connection to contemporaneous cyberattacks against B.C. libraries—which involved extortion attempts over user data—or the London Drugs retail breach that forced week-long store closures. The incidents underscored existing vulnerabilities within provincial infrastructure, though attribution, specific attack vectors, and intrusion timelines remained undisclosed pending forensic analysis.