'BlueLeaks' data breach involved 38 Canadian police forces

Confidential law enforcement data belonging to 38 Canadian police agencies has been exposed by a group of so-called hacktiviststargeting police in the U.S., Radio-Canada has learned.

The group Distributed Denial of Secrets (DDoSecrets)published thousands of documentsamounting to 269 gigabytes online in June. Members of the group say the documents were obtained from members of the hacker collectiveAnonymous.

The leakcame from cyberattacks on American police agencies or their suppliers. Information from police services across the U.S., including emails, training notes and expense reports, was published online.

The RCMPhas confirmed it was one of the agencies affected by the leak. In a statement, the RCMP said the National Cybercrime Coordination Unit (NC3) and RCMP cyber intelligence led an investigation to determine the effect of the leak on various RCMP jurisdictions and other Canadian police agencies.

'No secret information,' RCMP says

The leaked information involving Canadian law enforcement did not have a major impact on sensitive operations and was generally related to "training, administration and unclassified material which is non-sensitive in nature," the RCMP said in a statement.

"We found that there was no secret information that was disclosed," saidInsp. Daniel Ct, the officer in charge of NC3. "All the information that was online was administrative in nature."

The RCMPdeclined toidentify the other Canadian police agencies involved, "for privacy and operational reasons."

But Steve Waterhouse, a cybersecurity expert and formercybersecurity officer for the Department of National Defence, arguedeven administrative data can be damaging if it gets into the wrong hands.

"It could be emails or phone numbers of police officers in that stash of information, and they can sell it or use it to physically harm or harass police officers' families," Waterhouse said.

Privacy commissioner notified 3 months later

The RCMP said it takes any privacy breach seriouslyand thatpast and current employees involved in the breach are being notified.

The Office of the Privacy Commissioner of Canada received a report from the RCMP about the leak on Sept. 18, almost threemonths after it occurred.

In a statement, theoffice said it is reviewing the report and saidthe incident raises serious concerns, "given the sensitivity of the information involved."