We're really talking about two different things, Mr. Chair. I think there's the number of data breaches that have happened. The Privacy Commissioner of Canada, in our national cyber-threat assessment where we highlight this, said that 28 million Canadians last year had their information taken. That information has then been reused to target the Government of Canada. By reusing passwords, for example, somebody was able to log in.
We're not talking about information that was taken from the government. It was taken from other data breaches, but people reuse things. Our security questions are the same. What's your favourite colour? What school did you go to, etc.? That's the information these criminals have stolen, and because passwords are horrible and we all have too many of them, we tend to reuse them. A lot of Canadians reuse them, and so those were able be reused. That's what credential stuffing is. Really, we're talking about information from other data breaches then turned and used against the Government of Canada. But Marc, maybe—