Canada’s pri­vacy watch­dog in­ves­ti­gat­ing Equifax breach

The Globe and Mail (Ottawa/Quebec Edition) - - NEWS - ALEKSANDRA SAGAN ARMINA LIGAYA

Canada’s pri­vacy watch­dog launched an in­ves­ti­ga­tion into the mas­sive Equifax Inc. data breach af­ter hear­ing from dozens of con­cerned Cana­di­ans as cus­tomers in the coun­try have yet to be told whether hack­ers stole their per­sonal in­for­ma­tion.

“The in­ves­ti­ga­tion is a pri­or­ity for our of­fice given the sen­si­tiv­ity of the per­sonal in­for­ma­tion that Equifax holds,” the Of­fice of the Pri­vacy Com­mis­sioner of Canada said in an an­nounce­ment on its web­site.

Equifax, a credit-mon­i­tor­ing com­pany used by many cred­i­tors to check con­sumers’ credit his­to­ries, said on Sept. 7 that it fell vic­tim to a mas­sive cy­ber­at­tack that may have com­pro­mised the per­sonal data of up to 143 mil­lion Amer­i­cans from May 13 to July 30.

The United States Com­puter Emer­gency Readi­ness Team de­tected and dis­closed the vul­ner­a­bil­ity in Apache Struts in March, Equifax said in a state­ment, adding Equifax “took ef­forts to iden­tify and to patch any vul­ner­a­ble sys­tems in the com­pany’s IT in­fra­struc­ture.”

Equifax an­nounced late Friday that its chief in­for­ma­tion of­fi­cer and chief se­cu­rity of­fi­cer would leave the com­pany im­me­di­ately.

The credit data com­pany said that Su­san Mauldin, who had been the top se­cu­rity of­fi­cer, and David Webb, the chief tech­nol­ogy of­fi­cer, are re­tir­ing from Equifax. Ms. Mauldin, a col­lege mu­sic ma­jor, had come un­der me­dia scru­tiny for her qual­i­fi­ca­tions in se­cu­rity. Equifax did not say in its state­ment what re­tire­ment pack­ages the ex­ec­u­tives would re­ceive. Ms. Mauldin is be­ing re­placed by Russ Ay­ers, an in­for­ma­tion tech­nol­ogy ex­ec­u­tive in­side Equifax. Mr. Webb is be­ing re­placed by Mark Rohrwasser, who most re­cently was in charge of Equifax’s in­ter­na­tional tech­nol­ogy op­er­a­tions.

When it an­nounced the se­cu­rity is­sue, Equifax ac­knowl­edged the per­sonal in­for­ma­tion of a lim­ited num­ber of Cana­dian and Bri­tish res­i­dents may have been breached as well.

More than a week later, on Friday, Equifax re­leased the Bri­tish fig­ure, say­ing fewer than 400,000 Bri­tons had some of their per­sonal in­for­ma­tion com­pro­mised, but it was more lim­ited in scope and un­likely to lead to iden­tity theft.

The credit mon­i­tor­ing com­pany’s call-cen­tre staff have told call­ers that only Cana­di­ans that have credit files in the United States were likely to be af­fected. How­ever, the pri­vacy com­mis­sioner said that at this point, it is not clear that the af­fected data was lim­ited to Cana­di­ans with U.S. deal­ings.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.