Equifax to update Canadians this week, still mum on number affected by hack
Equifax Canada said Monday it plans to provide an update this week on the impact of its massive data breach — nearly two months after it was first discovered — but would not say how many individuals north of the border may have had their personal information compromised.
The credit data company told The Canadian Press that it is working with Canada’s privacy watchdog, which announced an investigation into the cyberattack on Friday.
“We intend to share an update with Canadians this week that will include how we intend to notify any potentially impacted individuals,” an Equifax Canada spokesperson said in an email. “Our investigation is ongoing and we are committed to sharing an update with Canadian consumers.”
Canada’s privacy commissioner said Friday that Equifax has committed to contacting Canadians whose data may be at risk, in writing, as soon as possible, and to offer them free credit monitoring, a service that was provided to U.S. residents on Sept. 7, the day it first announced the data breach.
The company is now facing investigations in both Canada and the U.S., but lawyers say the punitive threat by regulators is stronger south of the border.
Equifax, which collects data about consumers’ credit histories and provides credit checks to a variety of companies, has been tightlipped about the security issue’s impact in Canada.
Equifax Canada did not respond to questions about the number of Canadians who may have had their personal information stolen or whether the potential fallout is limited to Canadians with credit files in the U.S.
The credit monitoring company’s call centre staff have told callers that only Canadians that have dealings in the U.S. were likely to be impacted by the data breach. However, the Office of the Privacy Commissioner said on Friday that, at this point, it is not clear that the affected data was limited to those Canadians.
Equifax said on Sept. 7 that it suffered a massive cyberattack in the summer that may have compromised the personal data of 143 million Americans and an undisclosed number of Canadian and U.K. residents.