Cyber intrusion at the National Research Council (Update)

Statement - Update

July 31, 2014

Earlier this week, the National Research Council (NRC) confirmed a cyber intrusion on its IT infrastructure. Since this announcement, and in collaboration with its security partners, NRC has taken additional steps to protect its information and the information of its clients and stakeholders by isolating its information holdings and redesigning internal protocols and security procedures.

Addressing this situation remains the top priority for NRC. As NRC adapts its business processes there will be disruptions to regular business operations. The interim measures being taken by NRC with support from its Government of Canada partners are critical enablers to maintain business operations and minimize the impact on clients and stakeholders. In the longer term, NRC will work with Government of Canada IT experts to build a new IT infrastructure to integrate within the broader Government of Canada network to mitigate the risk of future cyber threats of this nature.

Creating a new, secure IT infrastructure within the broader Government of Canada network could take approximately one year. However, the NRC expects to be able to resume business activities in an orderly manner over the next few weeks and months.

At this time, NRC wishes to renew its commitment to its employees, clients, stakeholders and the general public that protecting confidentiality and proprietary information is of fundamental importance to its ongoing operations. NRC continues to engage with its clients and stakeholders to answer any questions and to address any concerns that they may have on this situation.

For more information, please contact us at 1-877-NRC-CNRC (1-877-672-2672).