Public Services and Procurement Canada | Services publics et Approvisionnement Canada Company Cyber Security Posture
tpsgc-pwgsc.gc.caWe serve federal departments and agencies as their central purchasing agent, real property manager, treasurer, accountant, pay and pension administrator, integrity adviser and linguistic authority. Terms of use: https://www.canada.ca/en/transparency/terms.html#interact-with --- Nous servons les ministères et organismes fédéraux en tant qu'acheteur central, gestionnaire de biens immobiliers, trésorier, comptable, administrateur de la paye et des pensions, conseiller en matière d'intégrité et spécialiste des questions linguistiques. Conditions d'utilisation : https://www.canada.ca/fr/transparence/avis.html#echanger
PSPC|SPEAC Company Details
pspc-spac
7863 employees
183489
922
Government Administration
tpsgc-pwgsc.gc.ca
Scan still pending
PUB_3726243
In-progress
PSPC|SPEAC Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
PSPC|SPEAC Global Score.png)
Public Services and Procurement Canada | Services publics et Approvisionnement Canada Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Public Services and Procurement Canada | Services publics et Approvisionnement Canada Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Canada Revenue Agency - Agence du revenu du Canada | Breach | 85 | 4 | 06/2018 | CAN17246822 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Canada Revenue Agency logs 2,338 privacy breaches in just under 2 years. The personal, confidential information of over 80,000 individual Canadians held by the Canada Revenue Agency may have been accessed without authorization over the last 21 months. But only a handful affected a large number of Canadians. | |||||||
| Public Services and Procurement Canada | Breach | 60 | 3 | 09/2018 | PUB110311022 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: A significant data breach happened in the federal government after a device was stolen from Public Services and Procurement Canada. PSPC is Infrastructure Canada’s service provider for pay, pension and benefits. All 227 employees were affected are at Infrastructure Canada No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address and salary range may have been compromised. | |||||||
| Canada Border Services Agency | Agence des services frontaliers du Canada | Breach | 80 | 4 | 10/2022 | CAN206221122 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Canada Border Services Agency suffered a data breach incident after a contractor led to the unauthorised access of up to 1.38 million licence plates and related information. The investigation found that the contract lacked clauses with respect to security safeguards, including for the protection and retention of personal information. Bad actors were able to break into the third-party contractors’ systems through an unpatched and decommissioned server, where they were able to access, copy, and remove files from the network, before posting some of the data on the dark web. The breach exposed around 9,000 licence plate photos of travellers crossing into Canada from the border crossing in Cornwall, Ontario. | |||||||
| Government of Canada | Cyber Attack | 100 | 6 | 06/2015 | GOV192330422 | Link | |
Rankiteo Explanation : Attack threatening the economy of a geographical regionDescription: Several Canadian government websites and servers were targeted in a cyberattack by the hacking group Anonymous. The attack affected several websites for government services, including canada.ca, as well as the site of Canada’s spy agency, the Canadian Security Intelligence Service (CSIS). The attack was aimed to show their retaliation for a new anti-terrorism law passed by Canada’s politicians. | |||||||
| Public Services and Procurement Canada | Cyber Attack | 85 | 4 | 08/2022 | PUB2215251022 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: A device was stolen from Public Services and Procurement Canada. PSPC is Infrastructure Canada’s service provider for pay, pension and benefits. All 227 employees affected are at Infrastructure Canada. The device in question was stolen on Aug 20 and affected employees were informed on Sept 7. No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address and salary range have been compromised. Ottawa police have been made aware of the incident. | |||||||
| Government of Canada | Data Leak | 60 | 3 | 08/2018 | GOV12181122 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The governments of Canada was exposed to the entire internet details of software bugs and security plans, as well as passwords for servers, official internet domains, conference calls, and an event-planning system by misconfiguring pages on Trello, a project management website. 25 Canadian government trello boards had sensitive information, such as remote file access, or FTP, credentials, and login details for the Eventbrite event-planning platform. The government of Canada said, Departments and agencies of the Government of Canada must apply adequate security controls to protect their users, information, and assets. Employees are being reminded of their obligation never to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service. | |||||||
Public Services and Procurement Canada | Services publics et Approvisionnement Canada Company Subsidiaries
We serve federal departments and agencies as their central purchasing agent, real property manager, treasurer, accountant, pay and pension administrator, integrity adviser and linguistic authority. Terms of use: https://www.canada.ca/en/transparency/terms.html#interact-with --- Nous servons les ministères et organismes fédéraux en tant qu'acheteur central, gestionnaire de biens immobiliers, trésorier, comptable, administrateur de la paye et des pensions, conseiller en matière d'intégrité et spécialiste des questions linguistiques. Conditions d'utilisation : https://www.canada.ca/fr/transparence/avis.html#echanger
Access Data Using Our API
Get company history
Rapid.png)
PSPC|SPEAC Cyber Security News
Bad Break In CIBR Led To Our Exit And The Skip Of A New Entry
A bad break in cybersecurity stocks led to our exit, even before knowing the reason for it. It also led to us skipping the next setup.
Here’s what cybersecurity experts think about Tea’s data breach
Roughly 72000 images, including 13000 user selfies submitted for account verification prior to February 2024, were accessed in the breach.
3 Top Cybersecurity Stocks to Buy Now
These cybersecurity stocks can benefit significantly from the increase in threats.
The books shaping today’s cybersecurity leaders
From strategy and psychology to history and decision-making, these are the books CISOs recommend to sharpen your thinking, influence your ...
The role of the cybersecurity PM in incident-driven development
From PowerShell abuse to USB data theft, modern threats hit fast—and hard.vSee how security-minded PMs are responding with real-time ...
Introducing the smarter, more sophisticated Malwarebytes Trusted Advisor, your cybersecurity personal assistant
Malwarebytes Trusted Advisor has had an update, and it's now sharper, smarter, and more helpful than ever.
USF Bellini College of Artificial Intelligence, Cybersecurity and Computing hosts inaugural summer research program ahead of fall launch
From training robots to integrating artificial intelligence into hardware systems, the USF Bellini College of Artificial Intelligence, ...
Cyber Career Opps: Weighing Certifications vs. Degrees
Longtime CISO Melina Scotto joins Dark Reading to discuss career advice gleaned from her 30 years in the cyber industry.
Cyber unicorn Axonius acquires Cynerio in $180M deal to expand into healthcare security
Cybersecurity unicorn Axonius is acquiring Cynerio, a healthcare IoT cybersecurity and asset management startup, in an all-Israeli deal ...
PSPC|SPEAC Similar Companies
City of Tallinn
Tallinn is the capital of Estonia. The mission of the city organization is to make Tallinn the best place to live for the people staying here, the desired destination for people arriving here, and a good place of departure for people who start here. For this purpose, the management of Tallinn as a
State of Oregon
Official LinkedIn page for the state of Oregon. Oregon is a state in the Pacific Northwest region of the United States. It is located on the Pacific coast, with Washington to the north, California to the south, Nevada on the southeast and Idaho to the east. The Columbia and Snake rivers delineate mu
National Park Service
Most people know that the National Park Service cares for national parks, a network of over 420 natural, cultural and recreational sites across the nation. The treasures in this system – the first of its kind in the world – have been set aside by the American people to preserve, protect, and share t
Air Force Civilian Service
We are on a mission. A mission to defend freedom and preserve liberty. A mission to support the men and women in uniform of the United States Air Force with our talent and dedication and service. Fueled by the challenge and motivated by the opportunities, we’re on a mission to excel in every way. An
Western Cape Government
The Western Cape Government creates laws for and provides services to the people of the Western Cape. We work closely with the National Government and municipalities in the Western Cape to ensure that citizens of the province have access to the services, facilities and information they need. We are
City of Amsterdam
Working for Amsterdam means working for the most beautiful city in the world. Think of its rich history, the role Amsterdam plays internationally, and events such as Sail, Gay Pride and King’s Day. Of course everybody wants to visit Amsterdam, or work or live here. As you can probably imagine, wo
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
PSPC|SPEAC CyberSecurity History Information
How many cyber incidents has PSPC|SPEAC faced?
Total Incidents: According to Rankiteo, PSPC|SPEAC has faced 6 incidents in the past.
What types of cybersecurity incidents have occurred at PSPC|SPEAC?
Incident Types: The types of cybersecurity incidents that have occurred incidents Data Leak, Cyber Attack and Breach.
How does PSPC|SPEAC detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures with Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service. and law enforcement notified with Ottawa Police.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Canada Border Services Agency Data Breach
Description: Canada Border Services Agency suffered a data breach incident after a contractor led to the unauthorised access of up to 1.38 million licence plates and related information.
Type: Data Breach
Attack Vector: Unpatched and decommissioned server
Vulnerability Exploited: Lack of security safeguards in the contract
Threat Actor: Unspecified bad actors
Incident : Data Exposure
Title: Canadian Government Data Exposure via Trello
Description: The government of Canada exposed sensitive information including software bugs, security plans, server passwords, official internet domains, conference calls, and event-planning system details due to misconfigured Trello boards.
Type: Data Exposure
Attack Vector: Misconfiguration
Vulnerability Exploited: Misconfigured third-party service
Incident : Data Breach
Title: Data Breach at Infrastructure Canada
Description: A significant data breach happened in the federal government after a device was stolen from Public Services and Procurement Canada (PSPC). PSPC is Infrastructure Canada’s service provider for pay, pension, and benefits. All 227 employees were affected at Infrastructure Canada. No banking or social insurance information was affected. Name, person record identifier (PRI), date of birth, home address, and salary range may have been compromised.
Type: Data Breach
Attack Vector: Device Theft
Incident : Data Breach
Title: Device Theft at Public Services and Procurement Canada
Description: A device was stolen from Public Services and Procurement Canada, compromising personal information of 227 employees at Infrastructure Canada.
Date Detected: 2023-08-20
Date Publicly Disclosed: 2023-09-07
Type: Data Breach
Attack Vector: Physical Theft
Incident : Data Breach
Title: Canada Revenue Agency Privacy Breaches
Description: The personal, confidential information of over 80,000 individual Canadians held by the Canada Revenue Agency may have been accessed without authorization over the last 21 months.
Type: Data Breach
Incident : Cyberattack
Title: Cyberattack on Canadian Government Websites
Description: Several Canadian government websites and servers were targeted in a cyberattack by the hacking group Anonymous. The attack affected several websites for government services, including canada.ca, as well as the site of Canada’s spy agency, the Canadian Security Intelligence Service (CSIS). The attack was aimed to show their retaliation for a new anti-terrorism law passed by Canada’s politicians.
Type: Cyberattack
Threat Actor: Anonymous
Motivation: Retaliation for a new anti-terrorism law
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Unpatched and decommissioned server.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach CAN206221122
Data Compromised: Licence plates, Related information
Incident : Data Exposure GOV12181122
Data Compromised: software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details
Systems Affected: Trello boards
Incident : Data Breach PUB110311022
Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach PUB2215251022
Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach CAN17246822
Data Compromised: Personal, Confidential
Incident : Cyberattack GOV192330422
Systems Affected: canada.ca, CSIS website
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal Information, Personal and Confidential.
Which entities were affected by each incident?
Incident : Data Breach CAN206221122
Entity Type: Government Agency
Industry: Government
Location: Canada
Incident : Data Breach PUB110311022
Entity Type: Government Agency
Industry: Government
Size: 227 employees
Incident : Data Breach PUB2215251022
Entity Type: Government Agency
Industry: Public Services
Location: Canada
Size: 227 employees affected
Incident : Data Breach CAN17246822
Entity Type: Government
Industry: Public Sector
Location: Canada
Customers Affected: 80000
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Exposure GOV12181122
Remediation Measures: Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service.
Incident : Data Breach PUB2215251022
Law Enforcement Notified: Ottawa Police
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach CAN206221122
Type of Data Compromised: Licence plates, Related information
Number of Records Exposed: 1.38 million
Data Exfiltration: Yes
Personally Identifiable Information: Licence plate photos
Incident : Data Exposure GOV12181122
Type of Data Compromised: software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details
Sensitivity of Data: High
Incident : Data Breach PUB110311022
Type of Data Compromised: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Number of Records Exposed: 227
Sensitivity of Data: High
Personally Identifiable Information: Name, Person Record Identifier (PRI), Date of Birth, Home Address
Incident : Data Breach PUB2215251022
Type of Data Compromised: Personal Information
Number of Records Exposed: 227
Sensitivity of Data: Medium
Personally Identifiable Information: Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range
Incident : Data Breach CAN17246822
Type of Data Compromised: Personal, Confidential
Number of Records Exposed: 80000
Sensitivity of Data: High
Personally Identifiable Information: True
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service..
Lessons Learned and Recommendations
What lessons were learned from each incident?
Incident : Data Breach CAN206221122
Lessons Learned: Ensure contracts include security safeguards for the protection and retention of personal information.
Incident : Data Exposure GOV12181122
Lessons Learned: Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What recommendations were made to prevent future incidents?
Incident : Data Exposure GOV12181122
Recommendations: Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage.
What are the key lessons learned from past incidents?
Key Lessons Learned: The key lessons learned from past incidents are Ensure contracts include security safeguards for the protection and retention of personal information.Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..
References
Where can I find more information about each incident?
Incident : Data Breach CAN17246822
Source: Public Disclosure
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Public Disclosure.
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Data Breach CAN206221122
Entry Point: Unpatched and decommissioned server
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Data Breach CAN206221122
Root Causes: Lack of security safeguards in the contract; Unpatched and decommissioned server
Incident : Data Exposure GOV12181122
Root Causes: Misconfiguration of Trello boards leading to exposure of sensitive information.
Corrective Actions: Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools.
What corrective actions has the company taken based on post-incident analysis?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools..
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Unspecified bad actors and Anonymous.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2023-08-20.
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-09-07.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal and Confidential.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident were Trello boards and canada.ca, CSIS website.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Licence plates, Related information, software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, Personal and Confidential.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.4M.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Ensure contracts include security safeguards for the protection and retention of personal information., Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is Public Disclosure.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Unpatched and decommissioned server.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Lack of security safeguards in the contract; Unpatched and decommissioned server, Misconfiguration of Trello boards leading to exposure of sensitive information..
What was the most significant corrective action taken based on post-incident analysis?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools..
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
