CBSAADSFDC
Company Details
Linkedin ID:
cbsa-asfc
Website:
Employees number:
4,341
Number of followers:
304,365
NAICS:
92
Industry Type:
Homepage:
cbsa-asfc.gc.ca
IP Addresses:
0
Company ID:
CAN_2160226
Scan Status:
In-progress
Canada Border Services Agency | Agence des services frontaliers du Canada Company CyberSecurity Posture
cbsa-asfc.gc.ca
The Canada Border Services Agency (CBSA) ensures Canada's security and prosperity by facilitating and overseeing international travel and trade across Canada's border. Terms of Use: http://ow.ly/g7xq30ldyN6 --- L'Agence des services frontaliers du Canada (ASFC) contribue à la sécurité et à la prospérité des Canadiens en facilitant et en surveillant les déplacements et les échanges commerciaux internationaux à la frontière du Canada. Modalités d'utilisation : http://ow.ly/FUrv30r6n71
Canada Border Services Agency | Agence des services frontaliers du Canada A.I CyberSecurity Scoring
CBSAADSFDC Risk Score (AI oriented)Between 700 and 749
CBSAADSFDC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CBSAADSFDC Global Score (TPRM)XXXX
CBSAADSFDC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CBSAADSFDC Company CyberSecurity News & History
Past Incidents
8
Attack Types
3
Canada Border Services Agency | Agence des services frontaliers du Canada
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Canada Border Services Agency suffered a data breach incident after a contractor led to the unauthorised access of up to 1.38 million licence plates and related information. The investigation found that the contract lacked clauses with respect to security safeguards, including for the protection and retention of personal information. Bad actors were able to break into the third-party contractors’ systems through an unpatched and decommissioned server, where they were able to access, copy, and remove files from the network, before posting some of the data on the dark web. The breach exposed around 9,000 licence plate photos of travellers crossing into Canada from the border crossing in Cornwall, Ontario.
Canada Revenue Agency - Agence du revenu du Canada
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Canada Revenue Agency logs 2,338 privacy breaches in just under 2 years. The personal, confidential information of over 80,000 individual Canadians held by the Canada Revenue Agency may have been accessed without authorization over the last 21 months. But only a handful affected a large number of Canadians.
Government of Canada
Cyber Attack
Rankiteo Explanation
Attack threatening the economy of a geographical region
Description: Several Canadian government websites and servers were targeted in a cyberattack by the hacking group Anonymous. The attack affected several websites for government services, including canada.ca, as well as the site of Canada’s spy agency, the Canadian Security Intelligence Service (CSIS). The attack was aimed to show their retaliation for a new anti-terrorism law passed by Canada’s politicians.
Government of Canada
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The governments of Canada was exposed to the entire internet details of software bugs and security plans, as well as passwords for servers, official internet domains, conference calls, and an event-planning system by misconfiguring pages on Trello, a project management website. 25 Canadian government trello boards had sensitive information, such as remote file access, or FTP, credentials, and login details for the Eventbrite event-planning platform. The government of Canada said, Departments and agencies of the Government of Canada must apply adequate security controls to protect their users, information, and assets. Employees are being reminded of their obligation never to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service.
Tiffany & Co.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A data breach at Tiffany & Co. is under investigation by the **Office of the Privacy Commissioner of Canada** after the company reported the incident. The breach, which occurred in **May** but was only discovered in **September**, has impacted Canadian and U.S. customers, though the exact number of affected accounts remains unclear. The privacy commissioner is reviewing Tiffany & Co.’s response to ensure adequate measures are taken to protect the compromised personal information of Canadians. A formal breach report was submitted to the **Maine attorney general**, indicating potential exposure of customer data. The nature of the breach suggests unauthorized access to personal information, though specific details—such as whether financial data, contact information, or other sensitive records were leaked—have not been disclosed. The incident is still under regulatory scrutiny, with authorities assessing compliance and next steps to mitigate risks for affected individuals.
Public Services and Procurement Canada
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: A significant data breach happened in the federal government after a device was stolen from Public Services and Procurement Canada. PSPC is Infrastructure Canada’s service provider for pay, pension and benefits. All 227 employees were affected are at Infrastructure Canada No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address and salary range may have been compromised.
Public Services and Procurement Canada
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A device was stolen from Public Services and Procurement Canada. PSPC is Infrastructure Canada’s service provider for pay, pension and benefits. All 227 employees affected are at Infrastructure Canada. The device in question was stolen on Aug 20 and affected employees were informed on Sept 7. No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address and salary range have been compromised. Ottawa police have been made aware of the incident.
Transport Canada
Breach
Rankiteo Explanation
Attack without any consequences: Attack in which data is not compromised
Description: Transport Canada experienced a cybersecurity incident involving a **local breach in a cloud-based software provider** used by the agency. While the breach was contained, it prompted a collaborative response with federal security partners, including law enforcement, to assess potential risks. The agency emphasized that **no direct impacts were reported on airport operations, safety, or security**, suggesting the breach did not compromise critical transportation systems or sensitive data. However, the incident raised concerns about operational efficiency and the need for proactive mitigation against future cyber threats. Transport Canada is actively working with air operators to strengthen defenses against similar incidents, whether cyber-related or otherwise, to ensure uninterrupted transportation safety and security. The breach appears to have been isolated, with no evidence of data theft, financial loss, or reputational damage beyond internal investigations and preventive measures.
CBSAADSFDC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CBSAADSFDC
Incidents vs Government Administration Industry Average (This Year)
No incidents recorded for Canada Border Services Agency | Agence des services frontaliers du Canada in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Canada Border Services Agency | Agence des services frontaliers du Canada in 2025.
Incident Types CBSAADSFDC vs Government Administration Industry Avg (This Year)
No incidents recorded for Canada Border Services Agency | Agence des services frontaliers du Canada in 2025.
Incident History — CBSAADSFDC (X = Date, Y = Severity)
CBSAADSFDC cyber incidents detection timeline including parent company and subsidiaries
CBSAADSFDC Company Subsidiaries
The Canada Border Services Agency (CBSA) ensures Canada's security and prosperity by facilitating and overseeing international travel and trade across Canada's border. Terms of Use: http://ow.ly/g7xq30ldyN6 --- L'Agence des services frontaliers du Canada (ASFC) contribue à la sécurité et à la prospérité des Canadiens en facilitant et en surveillant les déplacements et les échanges commerciaux internationaux à la frontière du Canada. Modalités d'utilisation : http://ow.ly/FUrv30r6n71
Loading...
CBSAADSFDC Similar Companies
Transportation Security Administration (TSA)
The Transportation Security Administration (TSA) is a component agency of the U.S. Department of Homeland Security (DHS), committed to securing the nation’s transportation systems to ensure safe and efficient travel for all. Our mission is to protect the American people by preventing threats and dis
Government of Canada
The Government of Canada works on behalf of Canadians, both at home and abroad. Visit www.Canada.ca to learn more. Canada’s professional, non-partisan public service is among the best in the world, and many of its departments and agencies place in Canada’s Top 100 Employers year after year. If you
State of Tennessee
State government is the largest employer in Tennessee, with approximately 43,500 employees in the three branches of government. The State of Tennessee has approximately 1,300 different job classifications in areas such as administrative, health services, historic preservation, legal, agriculture, co
U.S. Census Bureau
The Census Bureau serves as the nation’s leading provider of quality data about its people and economy. We have been headquartered in Suitland, Maryland since 1942, and currently employ about 4,285 staff members. We are part of the U.S. Department of Commerce and overseen by the Economics and Statis
Ministero dell'Agricoltura, della Sovranità alimentare e delle Foreste
Il Ministero dell'Agricoltura, della Sovranità alimentare e delle Foreste (Masaf) si occupa dell'elaborazione e del coordinamento delle linee politiche agricole, agroalimentari, forestali, della pesca e dell’ippica a livello nazionale e internazionale. Rappresenta l'Italia in sede europea nelle cont
Ville de Montréal
Montréal est la plus grande ville francophone d’Amérique et elle se distingue par sa vitalité culturelle exceptionnelle et des forces créatrices reconnues mondialement. Elle se développe un peu plus chaque jour en une ville contemporaine, inclusive et dynamique sur les plans économique, culturel
City of Los Angeles
The City of Los Angeles employs more than 45,000 people in a wide range of careers. Visit our website for information on current openings, including regular civil service positions, exempt and emergency appointment opportunities, in addition to internships! The City of Los Angeles is a Mayor-Counci
FEMA
Welcome to the official LinkedIn page for the Federal Emergency Management Agency (FEMA). When disaster strikes, America looks to FEMA to support survivors and first responders in communities all across the country. This page provides career related information, job announcements and relevant updat
European Commission
The Commission represents and upholds the interests of the EU as a whole, and is independent of national governments. The European Commission prepares legislation for adoption by the Council (representing the member countries) and the Parliament (representing the citizens). It administers the budge
.png)
CBSAADSFDC CyberSecurity News
November 27, 2025 09:05 PM
Examining Palo Alto Networks After Recent Share Price Decline and Cybersecurity Partnerships
Thinking about whether Palo Alto Networks is a buy right now? If you have even a hint of curiosity about the stock's value,...
November 27, 2025 08:56 PM
Virtual Infosec Africa and Exabeam launch AI-driven monthly-subscription cybersecurity solution for businesses
By Juliet ETEFE ([email protected]) Virtual Infosec Africa (VIA), in partnership with global cybersecurity firm Exabeam, has launched Ghana's...
November 27, 2025 08:42 PM
DIG Mohit Chawla recognised for excellence in cybersecurity
Mohit Chawla, Deputy Inspector General (DIG) of Himachal Pradesh Police, has been honoured with the Chief Information Security Officer...
November 27, 2025 07:43 PM
Cybersecurity expert warns of online shopping scams ahead of Black Friday weekend
CINCINNATI (WXIX) -As Black Friday weekend approaches, cybersecurity experts are warning shoppers about increased online scams targeting...
November 27, 2025 07:35 PM
Fasken’s Noteworthy News: Privacy & Cybersecurity in Canada, the US and the EU (November 2025)
There have been a lot of updates in privacy and cybersecurity in the last month. Read on to find out what they are.
November 27, 2025 07:30 PM
Cybersecurity experts alarmed by Snapchat's age-verification plan
As the social media ban for kids under 16 approaches, popular messaging app Snapchat says young people will be able to verify their age by...
November 27, 2025 07:00 PM
Protect Your Data This Thanksgiving! 🦃 The holidays bring more than just food and fun—they also bring a rise in cybercrime. From fake shopping deals to fraudulent charity donations, cybercriminals know the holiday season can make us distracted and rushed
November 27, 2025 07:00 PM
Zero Trust Architecture 2025: The Ultimate Cybersecurity Shield for Modern Enterprises
Zero Trust Architecture (ZTA) is the future of cybersecurity — it is more than just a catchphrase, but recognizes that “there is no user or...
November 27, 2025 05:20 PM
Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies
A 15‑year‑old in Jordan who goes by the handle “Rey” online has been allegedly identified as a key figure in the hacking crew Scattered...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CBSAADSFDC CyberSecurity History Information
Official Website of Canada Border Services Agency | Agence des services frontaliers du Canada
The official website of Canada Border Services Agency | Agence des services frontaliers du Canada is https://www.cbsa-asfc.gc.ca/.
Canada Border Services Agency | Agence des services frontaliers du Canada’s AI-Generated Cybersecurity Score
According to Rankiteo, Canada Border Services Agency | Agence des services frontaliers du Canada’s AI-generated cybersecurity score is 734, reflecting their Moderate security posture.
How many security badges does Canada Border Services Agency | Agence des services frontaliers du Canada’ have ?
According to Rankiteo, Canada Border Services Agency | Agence des services frontaliers du Canada currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Canada Border Services Agency | Agence des services frontaliers du Canada have SOC 2 Type 1 certification ?
According to Rankiteo, Canada Border Services Agency | Agence des services frontaliers du Canada is not certified under SOC 2 Type 1.
Does Canada Border Services Agency | Agence des services frontaliers du Canada have SOC 2 Type 2 certification ?
According to Rankiteo, Canada Border Services Agency | Agence des services frontaliers du Canada does not hold a SOC 2 Type 2 certification.
Does Canada Border Services Agency | Agence des services frontaliers du Canada comply with GDPR ?
According to Rankiteo, Canada Border Services Agency | Agence des services frontaliers du Canada is not listed as GDPR compliant.
Does Canada Border Services Agency | Agence des services frontaliers du Canada have PCI DSS certification ?
According to Rankiteo, Canada Border Services Agency | Agence des services frontaliers du Canada does not currently maintain PCI DSS compliance.
Does Canada Border Services Agency | Agence des services frontaliers du Canada comply with HIPAA ?
According to Rankiteo, Canada Border Services Agency | Agence des services frontaliers du Canada is not compliant with HIPAA regulations.
Does Canada Border Services Agency | Agence des services frontaliers du Canada have ISO 27001 certification ?
According to Rankiteo,Canada Border Services Agency | Agence des services frontaliers du Canada is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Canada Border Services Agency | Agence des services frontaliers du Canada
Canada Border Services Agency | Agence des services frontaliers du Canada operates primarily in the Government Administration industry.
Number of Employees at Canada Border Services Agency | Agence des services frontaliers du Canada
Canada Border Services Agency | Agence des services frontaliers du Canada employs approximately 4,341 people worldwide.
Subsidiaries Owned by Canada Border Services Agency | Agence des services frontaliers du Canada
Canada Border Services Agency | Agence des services frontaliers du Canada presently has no subsidiaries across any sectors.
Canada Border Services Agency | Agence des services frontaliers du Canada’s LinkedIn Followers
Canada Border Services Agency | Agence des services frontaliers du Canada’s official LinkedIn profile has approximately 304,365 followers.
NAICS Classification of Canada Border Services Agency | Agence des services frontaliers du Canada
Canada Border Services Agency | Agence des services frontaliers du Canada is classified under the NAICS code 92, which corresponds to Public Administration.
Canada Border Services Agency | Agence des services frontaliers du Canada’s Presence on Crunchbase
No, Canada Border Services Agency | Agence des services frontaliers du Canada does not have a profile on Crunchbase.
Canada Border Services Agency | Agence des services frontaliers du Canada’s Presence on LinkedIn
Yes, Canada Border Services Agency | Agence des services frontaliers du Canada maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cbsa-asfc.
Cybersecurity Incidents Involving Canada Border Services Agency | Agence des services frontaliers du Canada
As of November 27, 2025, Rankiteo reports that Canada Border Services Agency | Agence des services frontaliers du Canada has experienced 8 cybersecurity incidents.
Number of Peer and Competitor Companies
Canada Border Services Agency | Agence des services frontaliers du Canada has an estimated 11,116 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Canada Border Services Agency | Agence des services frontaliers du Canada ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Data Leak and Cyber Attack.
How does Canada Border Services Agency | Agence des services frontaliers du Canada detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an law enforcement notified with ottawa police, and remediation measures with employees reminded of their obligation not to communicate or store sensitive information on trello boards or any other unauthorized digital tool or service., and and remediation measures with under review by the office of the privacy commissioner of canada, and and third party assistance with federal security partners, and and remediation measures with collaboration with air operators to mitigate consequences..
Incident Details
Can you provide details on each incident ?
Title: Cyberattack on Canadian Government Websites
Description: Several Canadian government websites and servers were targeted in a cyberattack by the hacking group Anonymous. The attack affected several websites for government services, including canada.ca, as well as the site of Canada’s spy agency, the Canadian Security Intelligence Service (CSIS). The attack was aimed to show their retaliation for a new anti-terrorism law passed by Canada’s politicians.
Type: Cyberattack
Threat Actor: Anonymous
Motivation: Retaliation for a new anti-terrorism law
Title: Canada Revenue Agency Privacy Breaches
Description: The personal, confidential information of over 80,000 individual Canadians held by the Canada Revenue Agency may have been accessed without authorization over the last 21 months.
Type: Data Breach
Title: Device Theft at Public Services and Procurement Canada
Description: A device was stolen from Public Services and Procurement Canada, compromising personal information of 227 employees at Infrastructure Canada.
Date Detected: 2023-08-20
Date Publicly Disclosed: 2023-09-07
Type: Data Breach
Attack Vector: Physical Theft
Title: Data Breach at Infrastructure Canada
Description: A significant data breach happened in the federal government after a device was stolen from Public Services and Procurement Canada (PSPC). PSPC is Infrastructure Canada’s service provider for pay, pension, and benefits. All 227 employees were affected at Infrastructure Canada. No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address, and salary range may have been compromised.
Type: Data Breach
Attack Vector: Device Theft
Title: Canadian Government Data Exposure via Trello
Description: The government of Canada exposed sensitive information including software bugs, security plans, server passwords, official internet domains, conference calls, and event-planning system details due to misconfigured Trello boards.
Type: Data Exposure
Attack Vector: Misconfiguration
Vulnerability Exploited: Misconfigured third-party service
Title: Canada Border Services Agency Data Breach
Description: Canada Border Services Agency suffered a data breach incident after a contractor led to the unauthorised access of up to 1.38 million licence plates and related information.
Type: Data Breach
Attack Vector: Unpatched and decommissioned server
Vulnerability Exploited: Lack of security safeguards in the contract
Threat Actor: Unspecified bad actors
Title: Data Breach at Tiffany & Co.
Description: A data breach at Tiffany & Co. is under review by the Office of the Privacy Commissioner of Canada (OPC). The OPC is ensuring the jewelry company is taking adequate steps to address the breach and protect the personal information of Canadians. The breach was reported to the OPC, and a letter filed with the Maine attorney general indicates it occurred in May 2025 and was discovered in September 2025. The breach also appears to have affected the United States, though the number of impacted Canadian accounts remains unclear.
Date Detected: 2025-09
Date Publicly Disclosed: 2025-09-17
Type: Data Breach
Title: None
Description: A cyber incident involving a breach at a cloud-based software provider impacted Transport Canada. The agency is working with federal security partners, including law enforcement, to ensure no impacts on airport operations' safety and security. Mitigation efforts are underway to prevent future disruptions.
Type: Cyber Breach (Third-Party Cloud Provider)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Unpatched and decommissioned server.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyberattack GOV192330422
Systems Affected: canada.caCSIS website
Incident : Data Breach CAN17246822
Data Compromised: Personal, Confidential
Incident : Data Breach PUB2215251022
Data Compromised: Name, Person record identifier (pri), Date of birth, Home address, Salary range
Incident : Data Breach PUB110311022
Data Compromised: Name, Person record identifier (pri), Date of birth, Home address, Salary range
Incident : Data Exposure GOV12181122
Data Compromised: Software bugs, Security plans, Server passwords, Official internet domains, Conference calls, Event-planning system details
Systems Affected: Trello boards
Incident : Data Breach CAN206221122
Data Compromised: Licence plates, Related information
Incident : Data Breach OFF1002510091825
Brand Reputation Impact: Potential (under review)
Legal Liabilities: Under review by the Office of the Privacy Commissioner of Canada and Maine attorney general
Identity Theft Risk: Potential (personal information of Canadians affected)
Incident : Cyber Breach (Third-Party Cloud Provider) TRA2702227101825
Systems Affected: Cloud-based software provider (third-party)
Operational Impact: Potential disruption to transportation safety, security, and operational efficiency (mitigated)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal, Confidential, , Personal Information, , Name, Person Record Identifier (Pri), Date Of Birth, Home Address, Salary Range, , Software Bugs, Security Plans, Server Passwords, Official Internet Domains, Conference Calls, Event-Planning System Details, , Licence Plates, Related Information, and Personal information (details unspecified).
Which entities were affected by each incident ?
Incident : Cyberattack GOV192330422
Entity Name: Canadian Government
Entity Type: Government
Industry: Public Sector
Location: Canada
Incident : Data Breach CAN17246822
Entity Name: Canada Revenue Agency
Entity Type: Government
Industry: Public Sector
Location: Canada
Customers Affected: 80000
Incident : Data Breach PUB2215251022
Entity Name: Infrastructure Canada
Entity Type: Government Agency
Industry: Public Services
Location: Canada
Size: 227 employees affected
Incident : Data Breach PUB110311022
Entity Name: Infrastructure Canada
Entity Type: Government Agency
Industry: Government
Size: 227 employees
Incident : Data Exposure GOV12181122
Entity Name: Government of Canada
Entity Type: Government
Industry: Public Sector
Location: Canada
Incident : Data Breach CAN206221122
Entity Name: Canada Border Services Agency
Entity Type: Government Agency
Industry: Government
Location: Canada
Incident : Data Breach OFF1002510091825
Entity Name: Tiffany & Co.
Entity Type: Corporation
Industry: Luxury Jewelry/Retail
Location: CanadaUnited States
Incident : Cyber Breach (Third-Party Cloud Provider) TRA2702227101825
Entity Name: Transport Canada
Entity Type: Government Agency
Industry: Transportation / Aviation
Location: Canada
Incident : Cyber Breach (Third-Party Cloud Provider) TRA2702227101825
Entity Type: Cloud-Based Software Provider
Industry: Technology / Cloud Services
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach PUB2215251022
Law Enforcement Notified: Ottawa Police
Incident : Data Exposure GOV12181122
Remediation Measures: Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service.
Incident : Data Breach OFF1002510091825
Incident Response Plan Activated: True
Remediation Measures: Under review by the Office of the Privacy Commissioner of Canada
Incident : Cyber Breach (Third-Party Cloud Provider) TRA2702227101825
Incident Response Plan Activated: True
Third Party Assistance: Federal Security Partners.
Remediation Measures: Collaboration with air operators to mitigate consequences
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Federal security partners, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CAN17246822
Type of Data Compromised: Personal, Confidential
Number of Records Exposed: 80000
Sensitivity of Data: High
Incident : Data Breach PUB2215251022
Type of Data Compromised: Personal information
Number of Records Exposed: 227
Sensitivity of Data: Medium
Personally Identifiable Information: NamePerson Record Identifier (PRI)Date of BirthHome AddressSalary Range
Incident : Data Breach PUB110311022
Type of Data Compromised: Name, Person record identifier (pri), Date of birth, Home address, Salary range
Number of Records Exposed: 227
Sensitivity of Data: High
Personally Identifiable Information: NamePerson Record Identifier (PRI)Date of BirthHome Address
Incident : Data Exposure GOV12181122
Type of Data Compromised: Software bugs, Security plans, Server passwords, Official internet domains, Conference calls, Event-planning system details
Sensitivity of Data: High
Incident : Data Breach CAN206221122
Type of Data Compromised: Licence plates, Related information
Number of Records Exposed: 1.38 million
Data Exfiltration: Yes
Personally Identifiable Information: Licence plate photos
Incident : Data Breach OFF1002510091825
Type of Data Compromised: Personal information (details unspecified)
Sensitivity of Data: High (personal information)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service., , Under review by the Office of the Privacy Commissioner of Canada, Collaboration with air operators to mitigate consequences.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach OFF1002510091825
Legal Actions: Under review by the Office of the Privacy Commissioner of Canada and Maine attorney general
Regulatory Notifications: Office of the Privacy Commissioner of CanadaMaine attorney general
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Under review by the Office of the Privacy Commissioner of Canada and Maine attorney general.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Exposure GOV12181122
Lessons Learned: Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
Incident : Data Breach CAN206221122
Lessons Learned: Ensure contracts include security safeguards for the protection and retention of personal information.
What recommendations were made to prevent future incidents ?
Incident : Data Exposure GOV12181122
Recommendations: Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.Ensure contracts include security safeguards for the protection and retention of personal information.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..
References
Where can I find more information about each incident ?
Incident : Data Breach CAN17246822
Source: Public Disclosure
Incident : Data Breach OFF1002510091825
Source: Office of the Privacy Commissioner of Canada (OPC) Breach Report
Incident : Data Breach OFF1002510091825
Source: Maine Attorney General Breach Letter
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Public Disclosure, and Source: The Canadian PressDate Accessed: 2025-09-17, and Source: Winnipeg Free PressDate Accessed: 2025-09-17, and Source: Office of the Privacy Commissioner of Canada (OPC) Breach Report, and Source: Maine Attorney General Breach Letter.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach OFF1002510091825
Investigation Status: Under review by the Office of the Privacy Commissioner of Canada
Incident : Cyber Breach (Third-Party Cloud Provider) TRA2702227101825
Investigation Status: Ongoing (collaboration with federal security partners and law enforcement)
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Cyber Breach (Third-Party Cloud Provider) TRA2702227101825
Stakeholder Advisories: Transport Canada is working with air operators to mitigate potential consequences.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Transport Canada is working with air operators to mitigate potential consequences..
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach CAN206221122
Entry Point: Unpatched and decommissioned server
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Exposure GOV12181122
Root Causes: Misconfiguration of Trello boards leading to exposure of sensitive information.
Corrective Actions: Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools.
Incident : Data Breach CAN206221122
Root Causes: Lack of security safeguards in the contract; Unpatched and decommissioned server
Incident : Cyber Breach (Third-Party Cloud Provider) TRA2702227101825
Corrective Actions: Mitigation efforts to prevent similar incidents in the future
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Federal Security Partners, .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools., Mitigation efforts to prevent similar incidents in the future.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Anonymous and Unspecified bad actors.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-08-20.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-09-17.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal, Confidential, , Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, , Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, , software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, , Licence plates, Related information, and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was canada.caCSIS website and Trello boards and Cloud-based software provider (third-party).
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was federal security partners, .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Licence plates, Confidential, Date of Birth, software bugs, conference calls, Related information, Name, Personal, security plans, Salary Range, event-planning system details, server passwords, official internet domains, Person Record Identifier (PRI) and Home Address.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.4M.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Under review by the Office of the Privacy Commissioner of Canada and Maine attorney general.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information., Ensure contracts include security safeguards for the protection and retention of personal information.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Public Disclosure, Office of the Privacy Commissioner of Canada (OPC) Breach Report, Maine Attorney General Breach Letter, Winnipeg Free Press and The Canadian Press.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Under review by the Office of the Privacy Commissioner of Canada.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Transport Canada is working with air operators to mitigate potential consequences., .
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Unpatched and decommissioned server.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Misconfiguration of Trello boards leading to exposure of sensitive information., Lack of security safeguards in the contract; Unpatched and decommissioned server.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools., Mitigation efforts to prevent similar incidents in the future.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=cbsa-asfc' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
