British Columbia Premier David Eby said late Wednesday that the province had identified “sophisticated cybersecurity incidents” involving government networks.
A government source later said the incidents were related to a directive to all provincial employees early last week that they should immediately change their passwords.
That directive had previously been described by B.C.’s Office of the Chief Information Officer as a precaution, in a statement suggesting the government was “routinely updating security measures.”
Eby said in a statement that the provincial government was working with the Canadian Centre for Cyber Security and other agencies to determine the extent of the incidents, but there was currently no evidence that sensitive information had been compromised.
Eby said that the investigation was ongoing and more work needed to be done to determine what information could have been accessed.
He said the Office of the Information and Privacy Commissioner had been informed of the incidents.
Eby said the government would be as transparent as it could “without compromising the investigation,” and would provide public updates.
Government staff were sent an email late Wednesday from Shannon Salter, deputy minister to the premier and head of the public service, informing them of the incidents.
“As the work continues to investigate these incidents, please change your password from 10 to 14 characters as requested and respond promptly to any other instructions to improve security,” said the email, obtained by The Canadian Press.
A statement provided last Thursday by the Office of the Chief Information Officer suggested that the original request to update passwords earlier that week was routine.
“The OCIO is taking preventive measures to safeguard government data and systems,” the statement said.
“As a security precaution … password length has increased from 10 to 14 characters. Routinely updating security measures from time to time is what helps keep government data and systems safe.”
In other incidents in recent weeks, hackers targeting B.C. libraries tried to extort payment not to release information about users, while retailer London Drugs was forced to shut its stores for more than a week to deal with a cybersecurity breach.
The government source said staff were told there was no indication that the government incident was related to either the library hack or the London Drugs shutdown, but the matter was still under investigation.
— By Brieanna Charlebois in Vancouver
Feature image by iStock.com/Galeanu Mihai