Confidential law enforcement data belonging to 38 Canadian police agencies has been exposed by a group of so-called hacktivists targeting police in the U.S., Radio-Canada has learned.
The group Distributed Denial of Secrets (DDoSecrets) published thousands of documents amounting to 269 gigabytes online in June. Members of the group say the documents were obtained from members of the hacker collective Anonymous.
The leak came from cyberattacks on American police agencies or their suppliers. Information from police services across the U.S., including emails, training notes and expense reports, was published online.
The RCMP has confirmed it was one of the agencies affected by the leak. In a statement, the RCMP said the National Cybercrime Coordination Unit (NC3) and RCMP cyber intelligence led an investigation to determine the effect of the leak on various RCMP jurisdictions and other Canadian police agencies.
‘No secret information,’ RCMP says
The leaked information involving Canadian law enforcement did not have a major impact on sensitive operations and was generally related to “training, administration and unclassified material which is non-sensitive in nature,” the RCMP said in a statement.
“We found that there was no secret information that was disclosed,” said Insp. Daniel Côté, the officer in charge of NC3. “All the information that was online was administrative in nature.”
The RCMP declined to identify the other Canadian police agencies involved, “for privacy and operational reasons.”
But Steve Waterhouse, a cybersecurity expert and former cybersecurity officer for the Department of National Defence, argued even administrative data can be damaging if it gets into the wrong hands.
“It could be emails or phone numbers of police officers in that stash of information, and they can sell it or use it to physically harm or harass police officers’ families,” Waterhouse said.
Privacy commissioner notified 3 months later
The RCMP said it takes any privacy breach seriously and that past and current employees involved in the breach are being notified.
The Office of the Privacy Commissioner of Canada received a report from the RCMP about the leak on Sept. 18, almost three months after it occurred.
In a statement, the office said it is reviewing the report and said the incident raises serious concerns, “given the sensitivity of the information involved.”