Cyber Incident Victim: Government of Canada

On September 14, 2023, the Yukon government experienced a distributed-denial-of-service (DDoS) cyberattack that disrupted its website and internal systems starting at midnight. The attack overwhelmed the network with abnormally high traffic volumes, causing widespread outages. Government employees lost access to Wi-Fi, Microsoft Teams, SharePoint, cloud-based software, email, and internet-based phone services. Physical operations in downtown Whitehorse, including motor vehicle offices, faced longer wait times and resorted to cash-only transactions due to payment system disruptions. The Yukon government confirmed no unauthorized access to files or compromise of private citizen data occurred. Concurrently, government websites in Nunavut, Prince Edward Island, Manitoba, and Saskatchewan crashed, though only Yukon explicitly attributed its outage to a cyberattack at the time. Nunavut’s main government page remained offline into the evening while officials investigated the nature of its outage without confirming malicious activity.

By late afternoon on September 14, Yukon restored its main website functionality and resolved internal system issues, though some subsidiary government websites remained partially impaired. A government memo and Facebook post outlined the attack’s technical characteristics and assured the public of ongoing efforts to address residual problems. Officials committed to providing further updates by the following afternoon. Operational impacts included persistent delays in digital services and communications tools, reflecting the attack’s residual effects even after core systems were reinstated. The Nunavut government continued its investigation without disclosing additional details about the cause or scope of its website outage by the end of the reporting period.