• Home
  • cyber
  • Canada Border Services Agency | Agence des services frontaliers du Canada
cyber Breach

Canada Border Services Agency | Agence des services frontaliers du Canada

Nov 23, 2022 1 min read
Canada Border Services Agency | Agence des services frontaliers du Canada

Canada Border Services Agency suffered a data breach incident after a contractor led to the unauthorised access of up to 1.38 million licence plates and related information. 

The investigation found that the contract lacked clauses with respect to security safeguards, including for the protection and retention of personal information.

Bad actors were able to break into the third-party contractors’ systems through an unpatched and decommissioned server, where they were able to access, copy, and remove files from the network, before posting some of the data on the dark web.

The breach exposed around 9,000 licence plate photos of travellers crossing into Canada from the border crossing in Cornwall, Ontario.

Source: https://ca.topclassactions.com/lawsuit-settlements/data-breach/border-agency-data-breach-exposes-1-38m-licence-plates/

TPRM report: https://scoringcyber.rankiteo.com/company/cbsa-asfc

"id": "can206221122",
"linkid": "cbsa-asfc",
"type": "Breach",
"date": "10/2022",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Government',
                        'location': 'Canada',
                        'name': 'Canada Border Services Agency',
                        'type': 'Government Agency'}],
 'attack_vector': 'Unpatched and decommissioned server',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '1.38 million',
                 'personally_identifiable_information': 'Licence plate photos',
                 'type_of_data_compromised': ['Licence plates',
                                              'Related information']},
 'description': 'Canada Border Services Agency suffered a data breach incident '
                'after a contractor led to the unauthorised access of up to '
                '1.38 million licence plates and related information.',
 'impact': {'data_compromised': ['Licence plates', 'Related information']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
                           'entry_point': 'Unpatched and decommissioned '
                                          'server'},
 'lessons_learned': 'Ensure contracts include security safeguards for the '
                    'protection and retention of personal information.',
 'post_incident_analysis': {'root_causes': 'Lack of security safeguards in the '
                                           'contract; Unpatched and '
                                           'decommissioned server'},
 'threat_actor': 'Unspecified bad actors',
 'title': 'Canada Border Services Agency Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Lack of security safeguards in the contract'}
Published by
Harshit Kaur Bhatia
Harshit Kaur Bhatia
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.