"No indication" gun owners' info exposed in potential ransomware attack: Government

Zac Kurylyk in , on March 26, 2021

After discovering a potential ransomware attack on a partnering private company earlier this month, the federal government says there is "no indication" firearms owners' information was compromised.

On March 19, the RCMP's firearms website posted the following notice:

The Government of Canada is investigating a possible ransomware attack incident on a private company that provides services to some federal departments and agencies, including the RCMP Canadian Firearms Program (CFP). At this time, there is no indication that there has been unauthorized disclosure of any personal information of CFP clients. The CFP will communicate any pertinent updates as they become available. Additional information has been posted by the Treasury Board of Canada Secretariat.

It's interesting to note what it does say, and what it doesn't say. First of all, it's calling this a "possible" ransomware attack. It's not coming right out and admitting there was an attack. Why the confusion? Is the private partner not being forthcoming? Who's covering up what?

Next, the notice says the RCMP is only one of the departments and agencies that deals with this private company. That suggests this ransomware attack is probably not targeted specifically at firearms owners. If you follow that link to the Treasury Board, you get this:

On March 14, 2021, the Government of Canada was made aware of a possible ransomware attack on a private company that provides services to International and Canadian clients, including to some federal departments and agencies. No cyber threat has been directed at the Government of Canada, nor its information technology infrastructure.

At this time, there is no indication that there has been any unauthorized disclosure of any personal information of Canadians handled by the company and originating from the Government of Canada.

This raises more questions. What services was this "private company" providing? What company are we talking about, anyway? It's all very hush-hush. No doubt this is for the benefit of the private partner involved here. However, involvement from the Treasury Board implies a financial angle to this thing.

On the part of the Canadian Sporting Arms and Ammunition Association, Managing Director Alison de Groot says she has not heard of any of the CSAAA's member businesses being affected at this point. The Canadian Coalition for Firearms Rights hasn't heard of anything solid either. A call to the federal government's media reps hasn't resulted in any more information either.

What's a ransomware attack?

Typically, a ransomware attack blocks users' access to computer systems, or at publishes private data unless a ransom is paid. In either case, the attackers have some level of illicit access to private systems, which is obviously a bad thing. In this case, the problem would be if gun owners' financial data was compromised, their addresses, or details about what firearms they possess. This could raise issues with doxxing, or criminal targeting of collections.

For now, the feds are saying there's no indication that has happened, but they'll tell us if they find out otherwise. That's not particularly reassuring, given the overall lack of information, but all we can do now is wait for more details.

Subscribe to Calibre Magazine

SUBSCRIBE
[instagram-feed]
Copyright © 2021 CalibreMag.ca