Privacy breach affecting current and former employees

February 6, 2024

I’m a retired RCMP member and have used this relocation service in the past. What do I need to do?

It's possible retired members are not aware of the privacy breach.

The Relocation Policy team does not have email addresses for retired members and are trying to find ways to reach them.

If you have used BGRS or SIRVA Canada relocation services since 1999, your personal information may have been compromised. The Government of Canada continues to address issues stemming from the incident and is offering credit monitoring services for up to one year.

If you require assistance, please self-identify by sending an email to RCMP national Relocation Policy at: rcmp.relocationdirective-directivereinstallation.grc@rcmp-grc.gc.ca.

Relocation Policy will confirm if you have used the service and then share your name with the Treasury Board of Canada Secretariat so you can obtain a code to receive credit monitoring.

Please read the privacy breach webpage and come back regularly for updates.

January 9, 2024

When will a government-wide contract be in place for credit-monitoring services and what will that include?

The Government of Canada is offering credit-monitoring services for up to 1 year for all current and former employees and their families potentially affected by the BGRS and SIRVA Canada privacy breach. The Government of Canada is also contacting employees in waves because of the volume of personnel potentially affected by this breach.

• Wave 1 consists of employees identified in the breach.
• Wave 2 consists of employees relocated in the last 5 years.
• Wave 3 is employees relocated in the last 10 years, and so on until all potentially impacted employees have been contacted.

This process has already begun.

Can I purchase my own credit-monitoring services and seek reimbursement at a later date?

At this time, any actions you take on your own are your responsibility and may not be reimbursed by the Government of Canada.

We understand the current situation is stressful. Rest assured, we are doing everything possible by working with Treasury Board of Canada Secretariat to take concrete actions to protect your information and credit monitoring.

How many employees are affected by this privacy breach?

At this time, given the significant volume of data being assessed, the RCMP is in the process of identifying specific individuals impacted. However, preliminary information indicates breached information could belong to anyone who has used relocation services as early as 1999 and may include any personal and financial information that employees provided to the companies.

Starting in 2016, relocation services for regular and civilian members was done in house and not through BGRS or SIRVA Canada.

BGRS or SIRVA Canada still handles relocation services for public service employees at the RCMP.

December 18, 2023

Treasury Board Secretariat of Canada: BGRS and SIRVA Canada systems privacy breach

Read more about the privacy breach, including reissuing passports.

November 24, 2023

• An email notification was sent from the Relocation Policy unit to the first group of current employees identified as having information included in this breach. This is not a complete list of impacted personnel. We are continuing to search the data and will send notifications as we find those impacted.
• The Privacy Commissioner of Canada launched an investigation into a cyberattack on November 23, 2023. That work will examine the adequacy of the safeguards the two companies and the federal government had in place to protect the personal information of personnel who used relocation services.

November 23, 2023

• The RCMP is working to identify employees whose personal information could have been compromised.
• This is an evolving situation and further information will be shared here as it becomes available.

Notification of ransomware attack affecting RCMP employees

We want to make you aware of a ransomware attack on BGRS and SIRVA Canada. The company is contracted by Public Services and Procurement Canada to provide relocation support to Government of Canada employees, including the RCMP.

Treasury Board Secretariat was notified of the unauthorized access to Government of Canada employee information on September 29, 2023. It was confirmed on October 19 by the National Cybercrime Coordination Centre that the RCMP is affected.

The RCMP has been working closely with Public Services and Procurement Canada and BGRS for a number of weeks to determine the scope, timeframe and extent of the ransomware attack and stolen data. As you can appreciate, BGRS is a very large company and at this time, the scale or scope of the attack, including how many RCMP employees (all categories) it impacts or the extent of the data transfer, is unknown. We do know however that data associated to RCMP employees is among the leaked data circulating on the Dark Web.

Given this, all categories of employees who have used BGRS services are asked to read the message below from the Treasury Board of Canada Secretariat for tips to protect themselves and their information.

We understand the stress this may cause employees that have used the services provided by BGRS. You have our commitment to update you as we receive further information. Resources are available for you, including Peer to Peer and Employee Assistance Services (1-800-268-7708). Please make use of them. Your mental health is important.

Samantha Hazen
Chief Financial Officer

Nadine Huggins
Chief Human Resources Officer

Message to employees from the Treasury Board of Canada Secretariat

On September 29, 2023, the Government of Canada became aware of an incident affecting BGRS systems.

Since that time, the Government of Canada has been in contact with BGRS to understand the nature of the incident. BGRS has now confirmed that unauthorized access was obtained to Government of Canada employee information held by BGRS and as such we are providing notification of this incident. Employees who have a relocation file with BGRS should take precautionary measures including updating login credentials that may be similar to those used with BGRS, enabling multi-factor authentication on accounts that are used for online transactions, and monitoring their financial and personal online accounts for any unusual activity.

We will continue to assess the outcomes of the BGRS investigation so we can provide further guidance to employees and understand the overall impact to Government of Canada employees as a result of this data breach. The protection of the personal information of employees remains a priority for the Government of Canada.

You can also reach out to your departmental national relocation coordinators at rcmp.relocationdirective-directivereinstallation.grc@rcmp-grc.gc.ca, if you require assistance.

We will provide you with regular updates as we learn more about this situation.