Ottawa

'BlueLeaks' data breach involved 38 Canadian police forces

Confidential law enforcement data belonging to 38 Canadian police agencies has been exposed by a group of so-called hacktivists targeting police in the U.S., Radio-Canada has learned.

RCMP says confidential information leaked by 'hacktivists' in June was 'administrative'

Documents exposed by BlueLeaks include correspondence involving the RCMP and 37 other Canadian police agencies. (John Robertson/CBC)

Confidential law enforcement data belonging to 38 Canadian police agencies has been exposed by a group of so-called hacktivists targeting police in the U.S., Radio-Canada has learned.

The group Distributed Denial of Secrets (DDoSecrets) published thousands of documents amounting to 269 gigabytes online in June. Members of the group say the documents were obtained from members of the hacker collective Anonymous. 

The leak came from cyberattacks on American police agencies or their suppliers. Information from police services across the U.S., including emails, training notes and expense reports, was published online.

The RCMP has confirmed it was one of the agencies affected by the leak. In a statement, the RCMP said the National Cybercrime Coordination Unit (NC3) and RCMP cyber intelligence led an investigation to determine the effect of the leak on various RCMP jurisdictions and other Canadian police agencies.

'No secret information,' RCMP says

The leaked information involving Canadian law enforcement did not have a major impact on sensitive operations and was generally related to "training, administration and unclassified material which is non-sensitive in nature," the RCMP said in a statement. 

"We found that there was no secret information that was disclosed," said Insp. Daniel Côté, the officer in charge of NC3. "All the information that was online was administrative in nature."

The RCMP declined to identify the other Canadian police agencies involved, "for privacy and operational reasons."

But Steve Waterhouse, a cybersecurity expert and former cybersecurity officer for the Department of National Defence, argued even administrative data can be damaging if it gets into the wrong hands. 

"It could be emails or phone numbers of police officers in that stash of information, and they can sell it or use it to physically harm or harass police officers' families," Waterhouse said.

Privacy commissioner notified 3 months later

The RCMP said it takes any privacy breach seriously and that past and current employees involved in the breach are being notified.

The Office of the Privacy Commissioner of Canada received a report from the RCMP about the leak on Sept. 18, almost three months after it occurred.

In a statement, the office said it is reviewing the report and said the incident raises serious concerns, "given the sensitivity of the information involved."

Add some “good” to your morning and evening.

A variety of newsletters you'll love, delivered straight to you.

Sign up now

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

now