Canadian Armed Forces | Forces armées canadiennes Company Cyber Security Posture
forces.caA career in the Canadian Armed Forces is more than a way to make a living. It’s a passport to a whole-life experience that will change you and allow you to change the lives of others. Join an organization that offers more than 100 different trades and professions. Obtain world-class qualifications and earn a competitive salary and benefits. In the Forces, you enjoy the stability of a steady career and the excitement of a job that offers travel, adventure, camaraderie, and the satisfaction of making a difference. For more videos and information about careers in the Canadian Armed Forces, visit FORCES.CA. _______________________________________________________________________ Une carrière dans les Forces armées canadiennes est plus qu'un simple moyen de gagner sa vie. C’est un passeport pour une expérience de toute une vie qui vous changera et vous permettra de changer la vie des autres. Joignez-vous à une organisation qui offre plus de 100 métiers et professions. Acquérez des qualifications de niveau mondial et bénéficiez d’un salaire et d’avantages concurrentiels. Au sein des Forces, vous jouissez de la stabilité d'une carrière assurée et vivez toute l'excitation d'un emploi qui offre des occasions de voyage et d’aventure, favorise la camaraderie et procure la satisfaction de faire une différence. Visitez FORCES.CA pour de plus amples renseignements et vidéos au sujet des carrières dans les Forces armées canadiennes.
CAF|FAC Company Details
canadian-forces
18861 employees
177564.0
928
Armed Forces
forces.ca
Scan still pending
CAN_9145842
In-progress
CAF|FAC Risk Score (AI oriented)Between 800 and 900
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
CAF|FAC Global Score.png)
Canadian Armed Forces | Forces armées canadiennes Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 800 and 900 |
Canadian Armed Forces | Forces armées canadiennes Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Canada Revenue Agency - Agence du revenu du Canada | Breach | 85 | 4 | 06/2018 | CAN17246822 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Canada Revenue Agency logs 2,338 privacy breaches in just under 2 years. The personal, confidential information of over 80,000 individual Canadians held by the Canada Revenue Agency may have been accessed without authorization over the last 21 months. But only a handful affected a large number of Canadians. | |||||||
| Public Services and Procurement Canada | Breach | 60 | 3 | 09/2018 | PUB110311022 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: A significant data breach happened in the federal government after a device was stolen from Public Services and Procurement Canada. PSPC is Infrastructure Canada’s service provider for pay, pension and benefits. All 227 employees were affected are at Infrastructure Canada No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address and salary range may have been compromised. | |||||||
| Canada Border Services Agency | Agence des services frontaliers du Canada | Breach | 80 | 4 | 10/2022 | CAN206221122 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Canada Border Services Agency suffered a data breach incident after a contractor led to the unauthorised access of up to 1.38 million licence plates and related information. The investigation found that the contract lacked clauses with respect to security safeguards, including for the protection and retention of personal information. Bad actors were able to break into the third-party contractors’ systems through an unpatched and decommissioned server, where they were able to access, copy, and remove files from the network, before posting some of the data on the dark web. The breach exposed around 9,000 licence plate photos of travellers crossing into Canada from the border crossing in Cornwall, Ontario. | |||||||
| Government of Canada | Cyber Attack | 100 | 6 | 06/2015 | GOV192330422 | Link | |
Rankiteo Explanation : Attack threatening the economy of a geographical regionDescription: Several Canadian government websites and servers were targeted in a cyberattack by the hacking group Anonymous. The attack affected several websites for government services, including canada.ca, as well as the site of Canada’s spy agency, the Canadian Security Intelligence Service (CSIS). The attack was aimed to show their retaliation for a new anti-terrorism law passed by Canada’s politicians. | |||||||
| Public Services and Procurement Canada | Cyber Attack | 85 | 4 | 08/2022 | PUB2215251022 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: A device was stolen from Public Services and Procurement Canada. PSPC is Infrastructure Canada’s service provider for pay, pension and benefits. All 227 employees affected are at Infrastructure Canada. The device in question was stolen on Aug 20 and affected employees were informed on Sept 7. No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address and salary range have been compromised. Ottawa police have been made aware of the incident. | |||||||
| Government of Canada | Data Leak | 60 | 3 | 08/2018 | GOV12181122 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The governments of Canada was exposed to the entire internet details of software bugs and security plans, as well as passwords for servers, official internet domains, conference calls, and an event-planning system by misconfiguring pages on Trello, a project management website. 25 Canadian government trello boards had sensitive information, such as remote file access, or FTP, credentials, and login details for the Eventbrite event-planning platform. The government of Canada said, Departments and agencies of the Government of Canada must apply adequate security controls to protect their users, information, and assets. Employees are being reminded of their obligation never to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service. | |||||||
Canadian Armed Forces | Forces armées canadiennes Company Subsidiaries
A career in the Canadian Armed Forces is more than a way to make a living. It’s a passport to a whole-life experience that will change you and allow you to change the lives of others. Join an organization that offers more than 100 different trades and professions. Obtain world-class qualifications and earn a competitive salary and benefits. In the Forces, you enjoy the stability of a steady career and the excitement of a job that offers travel, adventure, camaraderie, and the satisfaction of making a difference. For more videos and information about careers in the Canadian Armed Forces, visit FORCES.CA. _______________________________________________________________________ Une carrière dans les Forces armées canadiennes est plus qu'un simple moyen de gagner sa vie. C’est un passeport pour une expérience de toute une vie qui vous changera et vous permettra de changer la vie des autres. Joignez-vous à une organisation qui offre plus de 100 métiers et professions. Acquérez des qualifications de niveau mondial et bénéficiez d’un salaire et d’avantages concurrentiels. Au sein des Forces, vous jouissez de la stabilité d'une carrière assurée et vivez toute l'excitation d'un emploi qui offre des occasions de voyage et d’aventure, favorise la camaraderie et procure la satisfaction de faire une différence. Visitez FORCES.CA pour de plus amples renseignements et vidéos au sujet des carrières dans les Forces armées canadiennes.
Access Data Using Our API
Get company history
Rapid.png)
CAF|FAC Cyber Security News
Our Statement on "Securing Canada" Defence Spending Announcement
For years, the Canadian Chamber of Commerce has understood the importance of adequately funding our military, so that the Canadian Armed Forces can defend our ...
Army officer’s research shines a light on Latin American veterans
Among the more remarkable stories uncovered by Capt Garcia-Salas is that of Flying Officer Luis Perez-Gomez, a Mexican whose application to join ...
CAF|FAC Similar Companies
Brazilian Navy
Mission : "To prepare and use the Naval Power, in order to contribute to the Defense of the Homeland; to guarantee the constitutional powers and, on the initiative of any of them, of law and order; to fulfill the subsidiary attributions provided for by Law; and to support the Foreign Policy". Futur
Israel Defense Forces
The Israel Defense Forces (IDF) is the military of the State of Israel, responsible for the nation's defense and security. Founded in 1948, the IDF ranks among the most battle-tested armed forces in the world, having had to defend the country in six major wars. At the age of 18, men and women are
U.S. Air Force Reserve
The Air Force Reserve is an integral component of our Nation's air defense and military support network. Reservists bring knowledge, skills and expertise from their civilian experiences to support critical missions and training around the globe, while working alongside their Active Duty Air Force me
United States Marine Corps
The United States Marine Corps (USMC) is a branch of the United States Armed Forces responsible for providing power projection, using the mobility of the United States Navy, by Congressional mandate, to deliver rapidly, combined-arms task forces on land, at sea, and in the air. The U.S. Marine Corps
U.S. Coast Guard
The mission of the U.S. Coast Guard is to protect the public, the environment, and U.S. economic interests — in the nation's ports and waterways, along the coast, on international waters, or in any maritime region as required to support national security. As one of the five branches of the Armed
US Army Corps of Engineers
U.S. Army Corps of Engineers Mission: Provide vital public engineering services in peace and war to strengthen our Nation’s security, energize the economy, and reduce risks from disasters. Privacy Policy/Social Media Guidelines: https://www.usace.army.mil/SocialMedia/ U.S. Army Corps of Engineers
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CAF|FAC CyberSecurity History Information
How many cyber incidents has CAF|FAC faced?
Total Incidents: According to Rankiteo, CAF|FAC has faced 6 incidents in the past.
What types of cybersecurity incidents have occurred at CAF|FAC?
Incident Types: The types of cybersecurity incidents that have occurred incidents Data Leak, Breach and Cyber Attack.
How does CAF|FAC detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures with Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service. and law enforcement notified with Ottawa Police.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Canada Border Services Agency Data Breach
Description: Canada Border Services Agency suffered a data breach incident after a contractor led to the unauthorised access of up to 1.38 million licence plates and related information.
Type: Data Breach
Attack Vector: Unpatched and decommissioned server
Vulnerability Exploited: Lack of security safeguards in the contract
Threat Actor: Unspecified bad actors
Incident : Data Exposure
Title: Canadian Government Data Exposure via Trello
Description: The government of Canada exposed sensitive information including software bugs, security plans, server passwords, official internet domains, conference calls, and event-planning system details due to misconfigured Trello boards.
Type: Data Exposure
Attack Vector: Misconfiguration
Vulnerability Exploited: Misconfigured third-party service
Incident : Data Breach
Title: Data Breach at Infrastructure Canada
Description: A significant data breach happened in the federal government after a device was stolen from Public Services and Procurement Canada (PSPC). PSPC is Infrastructure Canada’s service provider for pay, pension, and benefits. All 227 employees were affected at Infrastructure Canada. No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address, and salary range may have been compromised.
Type: Data Breach
Attack Vector: Device Theft
Incident : Data Breach
Title: Device Theft at Public Services and Procurement Canada
Description: A device was stolen from Public Services and Procurement Canada, compromising personal information of 227 employees at Infrastructure Canada.
Date Detected: 2023-08-20
Date Publicly Disclosed: 2023-09-07
Type: Data Breach
Attack Vector: Physical Theft
Incident : Data Breach
Title: Canada Revenue Agency Privacy Breaches
Description: The personal, confidential information of over 80,000 individual Canadians held by the Canada Revenue Agency may have been accessed without authorization over the last 21 months.
Type: Data Breach
Incident : Cyberattack
Title: Cyberattack on Canadian Government Websites
Description: Several Canadian government websites and servers were targeted in a cyberattack by the hacking group Anonymous. The attack affected several websites for government services, including canada.ca, as well as the site of Canada’s spy agency, the Canadian Security Intelligence Service (CSIS). The attack was aimed to show their retaliation for a new anti-terrorism law passed by Canada’s politicians.
Type: Cyberattack
Threat Actor: Anonymous
Motivation: Retaliation for a new anti-terrorism law
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Unpatched and decommissioned server.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach CAN206221122
Data Compromised: Licence plates, Related information
Incident : Data Exposure GOV12181122
Data Compromised: software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details
Systems Affected: Trello boards
Incident : Data Breach PUB110311022
Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach PUB2215251022
Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach CAN17246822
Data Compromised: Personal, Confidential
Incident : Cyberattack GOV192330422
Systems Affected: canada.ca, CSIS website
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal Information, Personal and Confidential.
Which entities were affected by each incident?
Incident : Data Breach CAN206221122
Entity Type: Government Agency
Industry: Government
Location: Canada
Incident : Data Breach PUB110311022
Entity Type: Government Agency
Industry: Government
Size: 227 employees
Incident : Data Breach PUB2215251022
Entity Type: Government Agency
Industry: Public Services
Location: Canada
Size: 227 employees affected
Incident : Data Breach CAN17246822
Entity Type: Government
Industry: Public Sector
Location: Canada
Customers Affected: 80000
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Exposure GOV12181122
Remediation Measures: Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service.
Incident : Data Breach PUB2215251022
Law Enforcement Notified: Ottawa Police
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach CAN206221122
Type of Data Compromised: Licence plates, Related information
Number of Records Exposed: 1.38 million
Data Exfiltration: Yes
Personally Identifiable Information: Licence plate photos
Incident : Data Exposure GOV12181122
Type of Data Compromised: software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details
Sensitivity of Data: High
Incident : Data Breach PUB110311022
Type of Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Number of Records Exposed: 227
Sensitivity of Data: High
Personally Identifiable Information: Name, Person Record Identifier (PRI), Date of Birth, Home Address
Incident : Data Breach PUB2215251022
Type of Data Compromised: Personal Information
Number of Records Exposed: 227
Sensitivity of Data: Medium
Personally Identifiable Information: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach CAN17246822
Type of Data Compromised: Personal, Confidential
Number of Records Exposed: 80000
Sensitivity of Data: High
Personally Identifiable Information: True
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service..
Lessons Learned and Recommendations
What lessons were learned from each incident?
Incident : Data Breach CAN206221122
Lessons Learned: Ensure contracts include security safeguards for the protection and retention of personal information.
Incident : Data Exposure GOV12181122
Lessons Learned: Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What recommendations were made to prevent future incidents?
Incident : Data Exposure GOV12181122
Recommendations: Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage.
What are the key lessons learned from past incidents?
Key Lessons Learned: The key lessons learned from past incidents are Ensure contracts include security safeguards for the protection and retention of personal information.Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..
References
Where can I find more information about each incident?
Incident : Data Breach CAN17246822
Source: Public Disclosure
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Public Disclosure.
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Data Breach CAN206221122
Entry Point: Unpatched and decommissioned server
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Data Breach CAN206221122
Root Causes: Lack of security safeguards in the contract; Unpatched and decommissioned server
Incident : Data Exposure GOV12181122
Root Causes: Misconfiguration of Trello boards leading to exposure of sensitive information.
Corrective Actions: Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools.
What corrective actions has the company taken based on post-incident analysis?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools..
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Unspecified bad actors and Anonymous.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2023-08-20.
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-09-07.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal and Confidential.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident were Trello boards and canada.ca, CSIS website.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal and Confidential.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.4M.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Ensure contracts include security safeguards for the protection and retention of personal information., Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is Public Disclosure.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Unpatched and decommissioned server.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Lack of security safeguards in the contract; Unpatched and decommissioned server, Misconfiguration of Trello boards leading to exposure of sensitive information..
What was the most significant corrective action taken based on post-incident analysis?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools..
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
