Cyber Incident Victim: Ontario

On September 14, 2023, a cyber incident disrupted multiple Canadian government services, with the Yukon government confirming a distributed-denial-of-service (DDoS) attack targeting its digital infrastructure. The attack commenced at midnight local time, overwhelming the territory’s network with abnormally high traffic volumes and causing widespread outages. Yukon’s main government website, internal systems, Wi-Fi networks, Microsoft Teams, SharePoint, cloud-based applications, government email accounts, and internet-based phone services became inaccessible to employees. Physical government operations in downtown Whitehorse experienced significant disruptions: motor vehicles offices restricted transactions to cash payments only, while other departments reported extended wait times due to reliance on compromised digital systems. Concurrently, government websites in Nunavut, Prince Edward Island, Manitoba, and Saskatchewan also crashed, though only Yukon and Nunavut authorities publicly acknowledged investigating the disruptions by Thursday evening.

Yukon officials issued a memo and Facebook post confirming the DDoS attack’s nature while asserting no evidence of unauthorized data access or threats to citizen information. Restoration efforts prioritized the main government website, which resumed functionality by late afternoon. Internal systems were largely stabilized, though some subsidiary Yukon government websites remained partially impaired. Nunavut’s main government page remained offline through Thursday evening, with officials continuing to investigate the outage’s origins without confirming a cyberattack. The Yukon government committed to resolving residual technical issues and pledged a detailed follow-up report by September 15. Operational impacts persisted in both territories, with Yukon employees regaining email access gradually and Nunavut’s investigation ongoing as of the last reported update.