NRC writes companies potentially affected by data breach

Canadas National Research Council is sending letters to companies who shared sensitive information with it, warning their commercial secrets could be in the hands of hackers after last months data breach.

Ottawa start-up TwelveDot Labs said theyre one of the many companies who gave the NRC information and were told this week it may have been compromised.

• Chinese cyberattack hits Canada's National Research Council
• Cyberattack breached system holding personal data: privacy watchdog

"We have to put in a lot of our IP, or our engineering/science aspects, to be able to qualify for certain credits and things like that that we get from the government,"said TwelveDot owner Faud Khan.

"We give that to them lock, stock and barrel," said Khan.

The Canadian government said a highly sophisticated Chinese state-sponsored hacker is behind the breach, a claim Beijing has denied.

Experts say Canada's cybersecurityefforts lacking

Khan said if thats the case, a Chinese company could take his research and pirate it before he could get a patent.

Cybersecurityexpert Patrick Malcolm said the data could be anywhere by now.

"In this particular case, it's possible that the information is being duplicated and resold to other people and they're all interested in competing globally against Canadianinterests,"said Malcolm.

Khan said the Canadian government has been too relaxed about cybersecurity, asking companies to get them data in clear text instead of encrypted (or protected), for example.

Experts say Canada spends considerably less per capita on cybersecurity than many allies and its not an area they should be looking to save money in.

I'm trying to use this, if I can, as a wake-up call to businesses to go to our government and say you know there (are) better ways to do this, why aren't we doing it the better way?" Khan said.

Canadas chief information officer said last week the NRCs IT system has been "isolated"to make sure no other departments get breached.

The NRC, which works with private businesses to create technological innovation, said it could take as long as a year to secure their system again.