Canadian Armed Forces | Forces armées canadiennes Company Cyber Security Posture
forces.caA career in the Canadian Armed Forces is more than a way to make a living. It’s a passport to a whole-life experience that will change you and allow you to change the lives of others. Join an organization that offers more than 100 different trades and professions. Obtain world-class qualifications and earn a competitive salary and benefits. In the Forces, you enjoy the stability of a steady career and the excitement of a job that offers travel, adventure, camaraderie, and the satisfaction of making a difference. For more videos and information about careers in the Canadian Armed Forces, visit FORCES.CA. _______________________________________________________________________ Une carrière dans les Forces armées canadiennes est plus qu'un simple moyen de gagner sa vie. C’est un passeport pour une expérience de toute une vie qui vous changera et vous permettra de changer la vie des autres. Joignez-vous à une organisation qui offre plus de 100 métiers et professions. Acquérez des qualifications de niveau mondial et bénéficiez d’un salaire et d’avantages concurrentiels. Au sein des Forces, vous jouissez de la stabilité d'une carrière assurée et vivez toute l'excitation d'un emploi qui offre des occasions de voyage et d’aventure, favorise la camaraderie et procure la satisfaction de faire une différence. Visitez FORCES.CA pour de plus amples renseignements et vidéos au sujet des carrières dans les Forces armées canadiennes.
CAF|FAC Company Details
canadianforces-forcescanada
18839 employees
176305.0
928
Armed Forces
forces.ca
Scan still pending
CAN_2356323
In-progress
CAF|FAC Risk Score (AI oriented)Between 800 and 900
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
CAF|FAC Global Score.png)
Canadian Armed Forces | Forces armées canadiennes Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 800 and 900 |
Canadian Armed Forces | Forces armées canadiennes Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Canada Revenue Agency - Agence du revenu du Canada | Breach | 85 | 4 | 06/2018 | CAN17246822 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Canada Revenue Agency logs 2,338 privacy breaches in just under 2 years. The personal, confidential information of over 80,000 individual Canadians held by the Canada Revenue Agency may have been accessed without authorization over the last 21 months. But only a handful affected a large number of Canadians. | |||||||
| Public Services and Procurement Canada | Breach | 60 | 3 | 09/2018 | PUB110311022 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: A significant data breach happened in the federal government after a device was stolen from Public Services and Procurement Canada. PSPC is Infrastructure Canada’s service provider for pay, pension and benefits. All 227 employees were affected are at Infrastructure Canada No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address and salary range may have been compromised. | |||||||
| Canada Border Services Agency | Agence des services frontaliers du Canada | Breach | 80 | 4 | 10/2022 | CAN206221122 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Canada Border Services Agency suffered a data breach incident after a contractor led to the unauthorised access of up to 1.38 million licence plates and related information. The investigation found that the contract lacked clauses with respect to security safeguards, including for the protection and retention of personal information. Bad actors were able to break into the third-party contractors’ systems through an unpatched and decommissioned server, where they were able to access, copy, and remove files from the network, before posting some of the data on the dark web. The breach exposed around 9,000 licence plate photos of travellers crossing into Canada from the border crossing in Cornwall, Ontario. | |||||||
| Government of Canada | Cyber Attack | 100 | 6 | 06/2015 | GOV192330422 | Link | |
Rankiteo Explanation : Attack threatening the economy of a geographical regionDescription: Several Canadian government websites and servers were targeted in a cyberattack by the hacking group Anonymous. The attack affected several websites for government services, including canada.ca, as well as the site of Canada’s spy agency, the Canadian Security Intelligence Service (CSIS). The attack was aimed to show their retaliation for a new anti-terrorism law passed by Canada’s politicians. | |||||||
| Public Services and Procurement Canada | Cyber Attack | 85 | 4 | 08/2022 | PUB2215251022 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: A device was stolen from Public Services and Procurement Canada. PSPC is Infrastructure Canada’s service provider for pay, pension and benefits. All 227 employees affected are at Infrastructure Canada. The device in question was stolen on Aug 20 and affected employees were informed on Sept 7. No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address and salary range have been compromised. Ottawa police have been made aware of the incident. | |||||||
| Government of Canada | Data Leak | 60 | 3 | 08/2018 | GOV12181122 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The governments of Canada was exposed to the entire internet details of software bugs and security plans, as well as passwords for servers, official internet domains, conference calls, and an event-planning system by misconfiguring pages on Trello, a project management website. 25 Canadian government trello boards had sensitive information, such as remote file access, or FTP, credentials, and login details for the Eventbrite event-planning platform. The government of Canada said, Departments and agencies of the Government of Canada must apply adequate security controls to protect their users, information, and assets. Employees are being reminded of their obligation never to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service. | |||||||
Canadian Armed Forces | Forces armées canadiennes Company Subsidiaries
A career in the Canadian Armed Forces is more than a way to make a living. It’s a passport to a whole-life experience that will change you and allow you to change the lives of others. Join an organization that offers more than 100 different trades and professions. Obtain world-class qualifications and earn a competitive salary and benefits. In the Forces, you enjoy the stability of a steady career and the excitement of a job that offers travel, adventure, camaraderie, and the satisfaction of making a difference. For more videos and information about careers in the Canadian Armed Forces, visit FORCES.CA. _______________________________________________________________________ Une carrière dans les Forces armées canadiennes est plus qu'un simple moyen de gagner sa vie. C’est un passeport pour une expérience de toute une vie qui vous changera et vous permettra de changer la vie des autres. Joignez-vous à une organisation qui offre plus de 100 métiers et professions. Acquérez des qualifications de niveau mondial et bénéficiez d’un salaire et d’avantages concurrentiels. Au sein des Forces, vous jouissez de la stabilité d'une carrière assurée et vivez toute l'excitation d'un emploi qui offre des occasions de voyage et d’aventure, favorise la camaraderie et procure la satisfaction de faire une différence. Visitez FORCES.CA pour de plus amples renseignements et vidéos au sujet des carrières dans les Forces armées canadiennes.
Access Data Using Our API
Get company history
Rapid.png)
CAF|FAC Cyber Security News
Our Statement on "Securing Canada" Defence Spending Announcement
For years, the Canadian Chamber of Commerce has understood the importance of adequately funding our military, so that the Canadian Armed Forces can defend our ...
Army officer’s research shines a light on Latin American veterans
Among the more remarkable stories uncovered by Capt Garcia-Salas is that of Flying Officer Luis Perez-Gomez, a Mexican whose application to join ...
CAF|FAC Similar Companies
U.S. Navy Reserve
MISSION Throughout all 50 states and around the world, the Navy Reserve force delivers real-world capabilities and expertise to support the Navy mission — building a more lethal, warfighting culture focused on great power competition. VISION The Navy Reserve provides essential naval warfighting c
Department of National Defence/Ministère de la défense nationale
The Department of National Defence (DND) is a Canadian government department responsible for defending Canada's interests and values at home and abroad, as well as contributing to international peace and security. DND is the largest department of the Government of Canada in terms of budget as well a
Turkish Navy
Deniz Kuvvetleri Komutanlığı 06100 Bakanlıklar /ANKARA +90 (312) 417 3065 +90 (312) 417 6250 (Pbx) [email protected] Show more Show less
U.S. Coast Guard
The mission of the U.S. Coast Guard is to protect the public, the environment, and U.S. economic interests — along the coast and our coastal borders, in the nation's ports and waterways, in international waters, or in any maritime region as required to support national security. As one of the six b
United States Department of Defense
The mission of the Department of Defense is to provide military forces necessary to protect the security of our country. The U.S. military defends the homeland, deters adversaries, and builds security around the world by projecting U.S. influence and working with allies and partners. In case deterre
Swedish Armed Forces
The Swedish Armed Forces is one of the biggest authorities in Sweden and is headed by a Supreme Commander. The deputy leader of the authority is the Director General. As the only authority permitted to engage in armed combat, the Swedish Armed Forces are Sweden’s ultimate security policy resource
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CAF|FAC CyberSecurity History Information
How many cyber incidents has CAF|FAC faced?
Total Incidents: According to Rankiteo, CAF|FAC has faced 6 incidents in the past.
What types of cybersecurity incidents have occurred at CAF|FAC?
Incident Types: The types of cybersecurity incidents that have occurred incidents Breach, Cyber Attack and Data Leak.
How does CAF|FAC detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures with Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service. and law enforcement notified with Ottawa Police.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Canada Border Services Agency Data Breach
Description: Canada Border Services Agency suffered a data breach incident after a contractor led to the unauthorised access of up to 1.38 million licence plates and related information.
Type: Data Breach
Attack Vector: Unpatched and decommissioned server
Vulnerability Exploited: Lack of security safeguards in the contract
Threat Actor: Unspecified bad actors
Incident : Data Exposure
Title: Canadian Government Data Exposure via Trello
Description: The government of Canada exposed sensitive information including software bugs, security plans, server passwords, official internet domains, conference calls, and event-planning system details due to misconfigured Trello boards.
Type: Data Exposure
Attack Vector: Misconfiguration
Vulnerability Exploited: Misconfigured third-party service
Incident : Data Breach
Title: Data Breach at Infrastructure Canada
Description: A significant data breach happened in the federal government after a device was stolen from Public Services and Procurement Canada (PSPC). PSPC is Infrastructure Canada’s service provider for pay, pension, and benefits. All 227 employees were affected at Infrastructure Canada. No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address, and salary range may have been compromised.
Type: Data Breach
Attack Vector: Device Theft
Incident : Data Breach
Title: Device Theft at Public Services and Procurement Canada
Description: A device was stolen from Public Services and Procurement Canada, compromising personal information of 227 employees at Infrastructure Canada.
Date Detected: 2023-08-20
Date Publicly Disclosed: 2023-09-07
Type: Data Breach
Attack Vector: Physical Theft
Incident : Data Breach
Title: Canada Revenue Agency Privacy Breaches
Description: The personal, confidential information of over 80,000 individual Canadians held by the Canada Revenue Agency may have been accessed without authorization over the last 21 months.
Type: Data Breach
Incident : Cyberattack
Title: Cyberattack on Canadian Government Websites
Description: Several Canadian government websites and servers were targeted in a cyberattack by the hacking group Anonymous. The attack affected several websites for government services, including canada.ca, as well as the site of Canada’s spy agency, the Canadian Security Intelligence Service (CSIS). The attack was aimed to show their retaliation for a new anti-terrorism law passed by Canada’s politicians.
Type: Cyberattack
Threat Actor: Anonymous
Motivation: Retaliation for a new anti-terrorism law
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Unpatched and decommissioned server.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach CAN206221122
Data Compromised: Licence plates, Related information
Incident : Data Exposure GOV12181122
Data Compromised: software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details
Systems Affected: Trello boards
Incident : Data Breach PUB110311022
Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach PUB2215251022
Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach CAN17246822
Data Compromised: Personal, Confidential
Incident : Cyberattack GOV192330422
Systems Affected: canada.ca, CSIS website
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal Information, Personal and Confidential.
Which entities were affected by each incident?
Incident : Data Breach CAN206221122
Entity Type: Government Agency
Industry: Government
Location: Canada
Incident : Data Breach PUB110311022
Entity Type: Government Agency
Industry: Government
Size: 227 employees
Incident : Data Breach PUB2215251022
Entity Type: Government Agency
Industry: Public Services
Location: Canada
Size: 227 employees affected
Incident : Data Breach CAN17246822
Entity Type: Government
Industry: Public Sector
Location: Canada
Customers Affected: 80000
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Exposure GOV12181122
Remediation Measures: Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service.
Incident : Data Breach PUB2215251022
Law Enforcement Notified: Ottawa Police
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach CAN206221122
Type of Data Compromised: Licence plates, Related information
Number of Records Exposed: 1.38 million
Data Exfiltration: Yes
Personally Identifiable Information: Licence plate photos
Incident : Data Exposure GOV12181122
Type of Data Compromised: software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details
Sensitivity of Data: High
Incident : Data Breach PUB110311022
Type of Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Number of Records Exposed: 227
Sensitivity of Data: High
Personally Identifiable Information: Name, Person Record Identifier (PRI), Date of Birth, Home Address
Incident : Data Breach PUB2215251022
Type of Data Compromised: Personal Information
Number of Records Exposed: 227
Sensitivity of Data: Medium
Personally Identifiable Information: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach CAN17246822
Type of Data Compromised: Personal, Confidential
Number of Records Exposed: 80000
Sensitivity of Data: High
Personally Identifiable Information: True
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service..
Lessons Learned and Recommendations
What lessons were learned from each incident?
Incident : Data Breach CAN206221122
Lessons Learned: Ensure contracts include security safeguards for the protection and retention of personal information.
Incident : Data Exposure GOV12181122
Lessons Learned: Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What recommendations were made to prevent future incidents?
Incident : Data Exposure GOV12181122
Recommendations: Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage.
What are the key lessons learned from past incidents?
Key Lessons Learned: The key lessons learned from past incidents are Ensure contracts include security safeguards for the protection and retention of personal information.Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..
References
Where can I find more information about each incident?
Incident : Data Breach CAN17246822
Source: Public Disclosure
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Public Disclosure.
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Data Breach CAN206221122
Entry Point: Unpatched and decommissioned server
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Data Breach CAN206221122
Root Causes: Lack of security safeguards in the contract; Unpatched and decommissioned server
Incident : Data Exposure GOV12181122
Root Causes: Misconfiguration of Trello boards leading to exposure of sensitive information.
Corrective Actions: Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools.
What corrective actions has the company taken based on post-incident analysis?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools..
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Unspecified bad actors and Anonymous.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2023-08-20.
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-09-07.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal and Confidential.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident were Trello boards and canada.ca, CSIS website.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal and Confidential.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.4M.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Ensure contracts include security safeguards for the protection and retention of personal information., Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is Public Disclosure.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Unpatched and decommissioned server.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Lack of security safeguards in the contract; Unpatched and decommissioned server, Misconfiguration of Trello boards leading to exposure of sensitive information..
What was the most significant corrective action taken based on post-incident analysis?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools..
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
