VICTORIA — Police are involved in the investigation into a sophisticated attempt to breach protected British Columbia government information systems, Solicitor General Mike Farnworth said Thursday.
But Farnworth, who is also B.C.'s public safety minister, said there was no evidence the cyberattack succeeded in accessing the information and there had been no ransom demand.
"I can tell you at this time there is no evidence of any sensitive information, such as health records for example, either being accessed or compromised," he said at the legislature. "I can confirm that this has not been a ransomware incident."
The Canadian Centre for Cyber Security and other agencies including police are involved in the investigation, Farnworth said of the incident that was announced late Wednesday by Premier David Eby.
The Canadian Centre for Cyber Security is part of Canada's national cryptological agency, the Communications Security Establishment, providing guidance, services and support to government on cybersecurity.
"It was a very sophisticated attempt and we've been told by the experts that the money that was spent in 2022 in terms of upgrades to the system, had that not taken place, we would not even know the attempt was happening," Farnworth said.
The government cyberattack comes amid other incidents in B.C. in recent weeks. Hackers targeted B.C. libraries and demanded a ransom to not release user information last month, while retailer London Drugs was forced to shut its stores across Western Canada for more than a week after a cybersecurity incident.
London Drugs President Clint Mahlman said in an interview Thursday that the company had no evidence to suggest customer data was compromised, and he had no knowledge if the breach might be connected to the B.C. government incident.
Farnworth said Thursday the government learned of its own incident "recently," but would not say precisely when.
He acknowledged that B.C.'s Office of the Chief Information Officer sent a memo last week directing government employees to change their passwords. Farnworth said passwords were changed routinely, but "when something like this happens, passwords obviously get changed."
Todd Stone, Opposition B.C. United house leader, connected the password directive to the attack and asked why the government waited eight days to share details with the public.
Farnworth said cybersecurity experts advised that the priority was protecting the system and its information before going public, something that could potentially increase vulnerability to attacks.
He said the government has no information about who may be responsible.
Mahlman, meanwhile, said he wouldn't share "details of any interactions with the threat actors" behind the London Drugs attack.
He said he didn't know why the company was targeted, but hackers with sophisticated methods were "constantly probing for weaknesses" of online systems.
Mahlman said the Richmond, B.C.-based pharmacy and retailer had been preparing for such a situation for years, and they shut down immediately after the cybersecurity breach was discovered on April 28 in order to contain the threat.
Since then, Mahlman said London Drugs had been working with cybersecurity experts to "methodically go through every system" and bring them back online in a secure way.
"We won't reopen a system until we have the confidence that it is as good as we can possibly make it," he said.
He said he was sorry the company couldn't release more details in the days after the incident, but they didn't want to give the attackers any leverage.
"The cybersecurity experts deal with these people all the time, and as such, they see certain behaviours from certain threat actors," he said.
Mahlman said hackers look at media reports about the cyber attacks, assessing whether the company is aware of the extent of the breach and its ability to recover.
"They use that information to either sustain their attack or leverage in some sort of way against the company."
London Drugs would not knowingly give hackers that leverage, Mahlman said.
"We apologize to the media and our customers that we couldn't have given more details that they want, but that's our commitment to the safety and security of our systems and our customers."
London Drugs said on Tuesday that all 79 of its stores in B.C., Alberta, Saskatchewan, and Manitoba had reopened, and Mahlman said it was a "very big step" to shut down its systems companywide to "contain and mitigate any potential damage."
"The level of sophistication and expertise of these international cyber threat actors is significant," Mahlman said.
Mahlman said the investigation was ongoing with the help of cybersecurity experts from across the continent, and more work needed to be done to determine what information could have been accessed.
"We've never had to shut down all our stores before," Mahlman said. "I think the public may be shocked to know, and this is far from unique to London Drugs."
— With files by Brenna Owen in Vancouver
This report by The Canadian Press was first published May 9, 2024.
Dirk Meissner, The Canadian Press