Canada Border Services Agency | Agence des services frontaliers du Canada Company Cyber Security Posture
cbsa-asfc.gc.caThe Canada Border Services Agency (CBSA) ensures Canada's security and prosperity by facilitating and overseeing international travel and trade across Canada's border. Terms of Use: http://ow.ly/g7xq30ldyN6 --- L'Agence des services frontaliers du Canada (ASFC) contribue à la sécurité et à la prospérité des Canadiens en facilitant et en surveillant les déplacements et les échanges commerciaux internationaux à la frontière du Canada. Modalités d'utilisation : http://ow.ly/FUrv30r6n71
CBSA|ADSFDC Company Details
cbsa-asfc
4341 employees
304365.0
922
Government Administration
cbsa-asfc.gc.ca
Scan still pending
CAN_2160226
In-progress
CBSA|ADSFDC Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
CBSA|ADSFDC Global Score.png)
Canada Border Services Agency | Agence des services frontaliers du Canada Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Canada Border Services Agency | Agence des services frontaliers du Canada Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Canada Revenue Agency - Agence du revenu du Canada | Breach | 85 | 4 | 06/2018 | CAN17246822 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Canada Revenue Agency logs 2,338 privacy breaches in just under 2 years. The personal, confidential information of over 80,000 individual Canadians held by the Canada Revenue Agency may have been accessed without authorization over the last 21 months. But only a handful affected a large number of Canadians. | |||||||
| Public Services and Procurement Canada | Breach | 60 | 3 | 09/2018 | PUB110311022 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: A significant data breach happened in the federal government after a device was stolen from Public Services and Procurement Canada. PSPC is Infrastructure Canada’s service provider for pay, pension and benefits. All 227 employees were affected are at Infrastructure Canada No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address and salary range may have been compromised. | |||||||
| Canada Border Services Agency | Agence des services frontaliers du Canada | Breach | 80 | 4 | 10/2022 | CAN206221122 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Canada Border Services Agency suffered a data breach incident after a contractor led to the unauthorised access of up to 1.38 million licence plates and related information. The investigation found that the contract lacked clauses with respect to security safeguards, including for the protection and retention of personal information. Bad actors were able to break into the third-party contractors’ systems through an unpatched and decommissioned server, where they were able to access, copy, and remove files from the network, before posting some of the data on the dark web. The breach exposed around 9,000 licence plate photos of travellers crossing into Canada from the border crossing in Cornwall, Ontario. | |||||||
| Government of Canada | Cyber Attack | 100 | 6 | 06/2015 | GOV192330422 | Link | |
Rankiteo Explanation : Attack threatening the economy of a geographical regionDescription: Several Canadian government websites and servers were targeted in a cyberattack by the hacking group Anonymous. The attack affected several websites for government services, including canada.ca, as well as the site of Canada’s spy agency, the Canadian Security Intelligence Service (CSIS). The attack was aimed to show their retaliation for a new anti-terrorism law passed by Canada’s politicians. | |||||||
| Public Services and Procurement Canada | Cyber Attack | 85 | 4 | 08/2022 | PUB2215251022 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: A device was stolen from Public Services and Procurement Canada. PSPC is Infrastructure Canada’s service provider for pay, pension and benefits. All 227 employees affected are at Infrastructure Canada. The device in question was stolen on Aug 20 and affected employees were informed on Sept 7. No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address and salary range have been compromised. Ottawa police have been made aware of the incident. | |||||||
| Government of Canada | Data Leak | 60 | 3 | 08/2018 | GOV12181122 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The governments of Canada was exposed to the entire internet details of software bugs and security plans, as well as passwords for servers, official internet domains, conference calls, and an event-planning system by misconfiguring pages on Trello, a project management website. 25 Canadian government trello boards had sensitive information, such as remote file access, or FTP, credentials, and login details for the Eventbrite event-planning platform. The government of Canada said, Departments and agencies of the Government of Canada must apply adequate security controls to protect their users, information, and assets. Employees are being reminded of their obligation never to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service. | |||||||
Canada Border Services Agency | Agence des services frontaliers du Canada Company Subsidiaries
The Canada Border Services Agency (CBSA) ensures Canada's security and prosperity by facilitating and overseeing international travel and trade across Canada's border. Terms of Use: http://ow.ly/g7xq30ldyN6 --- L'Agence des services frontaliers du Canada (ASFC) contribue à la sécurité et à la prospérité des Canadiens en facilitant et en surveillant les déplacements et les échanges commerciaux internationaux à la frontière du Canada. Modalités d'utilisation : http://ow.ly/FUrv30r6n71
Access Data Using Our API
Get company history
Rapid.png)
CBSA|ADSFDC Cyber Security News
3 Ontario businesses fined over $450,000 for employing over 700 unauthorized foreign workers
Three Ontario-based businesses have pleaded guilty to employing over 700 foreign nationals without authorization, resulting in substantial fines ...
CBSA|ADSFDC Similar Companies
General Directorate of Land Registry and Cadastre
The General Directorate of Land Registry and Cadastre (Tapu ve Kadastro Genel Müdürlügü) refers to the legislation regarding land registry and Cadastre in Turkey. Duties of General Directorate of Land Registry and Cadastre TO KEEP AND UPDATE LAND REGISTRY AND CADASTRE DATA OF THE COUNTRY UNDER
UWV
Bij UWV werken we aan een samenleving waarin iedereen mee kan doen. We helpen mensen op weg bij het vinden of behouden van werk. In geval van ziekte kijken we wat iemand nog wél kan. En als werken niet mogelijk is, zorgt UWV snel voor inkomen. We geven op deskundige en efficiënte wijze uitvoering
Wiener Stadtwerke GmbH
DIE Wiener Stadtwerke-Gruppe hält die lebenswerteste Stadt der Welt am Laufen. Dafür sorgen 18.000 Mitarbeiter*innen in den Bereichen Energie, Mobilität sowie Bestattung und Friedhöfe. Verlässlichkeit, Kompetenz und Innovationskraft sind die Basis dafür, dass wir den Wiener*innen rund um die U
National Park Service
Most people know that the National Park Service cares for national parks, a network of over 420 natural, cultural and recreational sites across the nation. The treasures in this system – the first of its kind in the world – have been set aside by the American people to preserve, protect, and share t
Government of Canada
The Government of Canada works on behalf of Canadians, both at home and abroad. Visit www.Canada.ca to learn more. Canada’s professional, non-partisan public service is among the best in the world, and many of its departments and agencies place in Canada’s Top 100 Employers year after year. If you
County of Santa Clara
The County of Santa Clara is located at the southern end of the San Francisco Bay and encompasses 1,312 square miles. It has one of the highest median family incomes in the country, and a wide diversity of cultures, backgrounds and talents. The County of Santa Clara continues to attract people fro
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CBSA|ADSFDC CyberSecurity History Information
How many cyber incidents has CBSA|ADSFDC faced?
Total Incidents: According to Rankiteo, CBSA|ADSFDC has faced 6 incidents in the past.
What types of cybersecurity incidents have occurred at CBSA|ADSFDC?
Incident Types: The types of cybersecurity incidents that have occurred incidents Cyber Attack, Breach and Data Leak.
How does CBSA|ADSFDC detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures with Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service. and law enforcement notified with Ottawa Police.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Canada Border Services Agency Data Breach
Description: Canada Border Services Agency suffered a data breach incident after a contractor led to the unauthorised access of up to 1.38 million licence plates and related information.
Type: Data Breach
Attack Vector: Unpatched and decommissioned server
Vulnerability Exploited: Lack of security safeguards in the contract
Threat Actor: Unspecified bad actors
Incident : Data Exposure
Title: Canadian Government Data Exposure via Trello
Description: The government of Canada exposed sensitive information including software bugs, security plans, server passwords, official internet domains, conference calls, and event-planning system details due to misconfigured Trello boards.
Type: Data Exposure
Attack Vector: Misconfiguration
Vulnerability Exploited: Misconfigured third-party service
Incident : Data Breach
Title: Data Breach at Infrastructure Canada
Description: A significant data breach happened in the federal government after a device was stolen from Public Services and Procurement Canada (PSPC). PSPC is Infrastructure Canada’s service provider for pay, pension, and benefits. All 227 employees were affected at Infrastructure Canada. No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address, and salary range may have been compromised.
Type: Data Breach
Attack Vector: Device Theft
Incident : Data Breach
Title: Device Theft at Public Services and Procurement Canada
Description: A device was stolen from Public Services and Procurement Canada, compromising personal information of 227 employees at Infrastructure Canada.
Date Detected: 2023-08-20
Date Publicly Disclosed: 2023-09-07
Type: Data Breach
Attack Vector: Physical Theft
Incident : Data Breach
Title: Canada Revenue Agency Privacy Breaches
Description: The personal, confidential information of over 80,000 individual Canadians held by the Canada Revenue Agency may have been accessed without authorization over the last 21 months.
Type: Data Breach
Incident : Cyberattack
Title: Cyberattack on Canadian Government Websites
Description: Several Canadian government websites and servers were targeted in a cyberattack by the hacking group Anonymous. The attack affected several websites for government services, including canada.ca, as well as the site of Canada’s spy agency, the Canadian Security Intelligence Service (CSIS). The attack was aimed to show their retaliation for a new anti-terrorism law passed by Canada’s politicians.
Type: Cyberattack
Threat Actor: Anonymous
Motivation: Retaliation for a new anti-terrorism law
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Unpatched and decommissioned server.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach CAN206221122
Data Compromised: Licence plates, Related information
Incident : Data Exposure GOV12181122
Data Compromised: software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details
Systems Affected: Trello boards
Incident : Data Breach PUB110311022
Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach PUB2215251022
Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach CAN17246822
Data Compromised: Personal, Confidential
Incident : Cyberattack GOV192330422
Systems Affected: canada.ca, CSIS website
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal Information, Personal and Confidential.
Which entities were affected by each incident?
Incident : Data Breach CAN206221122
Entity Type: Government Agency
Industry: Government
Location: Canada
Incident : Data Breach PUB110311022
Entity Type: Government Agency
Industry: Government
Size: 227 employees
Incident : Data Breach PUB2215251022
Entity Type: Government Agency
Industry: Public Services
Location: Canada
Size: 227 employees affected
Incident : Data Breach CAN17246822
Entity Type: Government
Industry: Public Sector
Location: Canada
Customers Affected: 80000
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Exposure GOV12181122
Remediation Measures: Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service.
Incident : Data Breach PUB2215251022
Law Enforcement Notified: Ottawa Police
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach CAN206221122
Type of Data Compromised: Licence plates, Related information
Number of Records Exposed: 1.38 million
Data Exfiltration: Yes
Personally Identifiable Information: Licence plate photos
Incident : Data Exposure GOV12181122
Type of Data Compromised: software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details
Sensitivity of Data: High
Incident : Data Breach PUB110311022
Type of Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Number of Records Exposed: 227
Sensitivity of Data: High
Personally Identifiable Information: Name, Person Record Identifier (PRI), Date of Birth, Home Address
Incident : Data Breach PUB2215251022
Type of Data Compromised: Personal Information
Number of Records Exposed: 227
Sensitivity of Data: Medium
Personally Identifiable Information: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach CAN17246822
Type of Data Compromised: Personal, Confidential
Number of Records Exposed: 80000
Sensitivity of Data: High
Personally Identifiable Information: True
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service..
Lessons Learned and Recommendations
What lessons were learned from each incident?
Incident : Data Breach CAN206221122
Lessons Learned: Ensure contracts include security safeguards for the protection and retention of personal information.
Incident : Data Exposure GOV12181122
Lessons Learned: Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What recommendations were made to prevent future incidents?
Incident : Data Exposure GOV12181122
Recommendations: Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage.
What are the key lessons learned from past incidents?
Key Lessons Learned: The key lessons learned from past incidents are Ensure contracts include security safeguards for the protection and retention of personal information.Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..
References
Where can I find more information about each incident?
Incident : Data Breach CAN17246822
Source: Public Disclosure
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Public Disclosure.
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Data Breach CAN206221122
Entry Point: Unpatched and decommissioned server
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Data Breach CAN206221122
Root Causes: Lack of security safeguards in the contract; Unpatched and decommissioned server
Incident : Data Exposure GOV12181122
Root Causes: Misconfiguration of Trello boards leading to exposure of sensitive information.
Corrective Actions: Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools.
What corrective actions has the company taken based on post-incident analysis?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools..
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Unspecified bad actors and Anonymous.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2023-08-20.
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-09-07.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal and Confidential.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident were Trello boards and canada.ca, CSIS website.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal and Confidential.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.4M.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Ensure contracts include security safeguards for the protection and retention of personal information., Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is Public Disclosure.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Unpatched and decommissioned server.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Lack of security safeguards in the contract; Unpatched and decommissioned server, Misconfiguration of Trello boards leading to exposure of sensitive information..
What was the most significant corrective action taken based on post-incident analysis?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools..
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
