Citing security concerns, the Canadian Government has announced that WeChat and Kaspersky have both been banned on Canadian Government devices:
Effective October 30, 2023, the WeChat and Kaspersky suite of applications will be removed from government-issued mobile devices. Users of these devices will also be blocked from downloading the applications in the future.
The Chief Information Officer of Canada determined that WeChat and Kaspersky suite of applications present an unacceptable level of risk to privacy and security. On a mobile device, the WeChat and Kaspersky applications data collection methods provide considerable access to the device’s contents.
The decision to remove and block the WeChat and the Kaspersky applications was made to ensure that Government of Canada networks and data remain secure and protected and are in line with the approach of our international partners.
While the risks of using these applications are clear, we have no evidence that government information has been compromised.
Kaspersky didn’t waste any time in responding to this:
Kaspersky is disappointed with the decision by the Treasury Board of Canada Secretariat to prohibit the use of Kaspersky applications on government-issued mobile devices. This decision comes as a surprise, was made without any warning or opportunity for engagement by Kaspersky on the Canadian government’s underlying concerns, and is not based on any technical assessment of Kaspersky products – which the company continuously advocates for – but instead seems to be made on political grounds.
I have not seen any reaction from WeChat. But I would imagine that they aren’t happy either. And I expect that there will be additional reaction coming from Russia as Kaspersky is a Russian company, and from China as WeChat is Chinese.
Canadian Government Warns Of Data Breach Impacting 25 Years Of Public Service Employee Data
Posted in Commentary with tags Canada, Hacked on November 20, 2023 by itnerdIn a press release on Friday, the Canadian government warned current and former public service employees and members of the Royal Canadian Mounted Police and Canadian Armed Forces that their personal and financial information may have been accessed in a data breach involving two relocation support companies.
The breach occurred on October 19th and affects federal government data that was held by Brookfield Global Relocation Services and SIRVA Worldwide Relocation & Moving Services. Data may include any personal and financial information provided to the companies from as early as 1999.
“Given the significant volume of data being assessed, we cannot yet identify specific individuals impacted,” said the release.
“The Government of Canada is not waiting for the outcomes of this analysis and is taking a proactive, precautionary approach to support those potentially affected.“
Jason Keirstead, VP Collective Threat Defense, Cyware had this comment:
“Breaches that involve third-party subcontractors are increasingly one of the most challenging issues to manage on an organization’s risk register. One way an organization can reduce their own risk is by leveraging their capabilities to help protect their suppliers – for example by sharing both threat intelligence and defense information downstream with their supply chain.”
Given that Canada has very robust laws when it comes to this sort of thing, I fully expect that a robust investigation will take place. And I will be looking to see what the Canadian Government does to stop this sort thing from happening in the future based on said investigation.
Leave a comment »