The CSE statement says that of more than 4,500 known federal government computer-system compromises to date in 2016, it can identify only three known instances where data were actually stolen.
From the Globe and Mail – Hackers target Canadian government’s energy and resource departments – by Colin Freeze – November 17, 2016
The article is based on the CSE response to a Parliamentary question.
Specifically, CSE responded in Sessional Paper No. 8530-421-14 to Question Q-525 in the 42nd Parliament, 1st Session. Unfortunately at this time I am not able to post this paper online.
You can see the titles of all Written Questions and the information about the responses at Status of House Business – Part III – Written Questions http://www.parl.gc.ca/HousePublications/Publication.aspx?Pub=status&File=12
The specific info for this question is
Q-5252 — Mr. Jeneroux (Edmonton Riverbend) — Cyber attacks — Notice — September 30, 2016
Answer tabled (Sessional Paper No. 8530-421-14) — November 16, 2016
Made an Order for Return and answer tabled (Sessional Paper No. 8555-421-525) — November 18, 2016
To find the actual text of the question, the only way I know is to go back through the Order Paper and Notice Paper, usually from the day after the notice date. You can find Q-525 in the October 3, 2016 Questions section:
Q-5252 — September 30, 2016 — Mr. Jeneroux (Edmonton Riverbend) — With regard to cyber attacks, broken down by month, and by department, agency, and crown corporation, since January 1, 2016: (a) how many cyber attacks have occurred, either against a department, agency or crown corporation or on one of their servers or networks; (b) how many of the attacks referred to in (a) resulted in government information being stolen; (c) how many of the attacks referred to in (b) resulted in classified government information being stolen; (d) how many of the attacks referred to in (a) resulted in individuals’ personal information being stolen; (e) for each of the attacks referred to in (d), how many individuals’ personal information was stolen; (f) were the individuals from whom information was stolen informed of the theft, and, if so, how were they informed; and (g) for each case where individuals’ information was stolen, was the Privacy Commissioner notified?
The superscript 2 means 2 Response requested within 45 days.
And no, I don’t know how anyone would know any of this without spending a lot of time on parl.gc.ca plus getting some help. It is very unintuitive and nothing is linked properly.