Pri­vacy watch­dog in­ves­ti­gat­ing Equifax data hack

The Prince George Citizen - - SPORTS - Aleksandra SAGAN, Armina LIGAYA

Canada’s pri­vacy watch­dog launched an in­ves­ti­ga­tion into the mas­sive Equifax Inc. data breach af­ter hear­ing from dozens of con­cerned Cana­di­ans as cus­tomers in the coun­try have yet to be told whether hack­ers stole their per­sonal in­for­ma­tion.

“The in­ves­ti­ga­tion is a pri­or­ity for our of­fice given the sen­si­tiv­ity of the per­sonal in­for­ma­tion that Equifax holds,” the Of­fice of the Pri­vacy Com­mis­sioner of Canada said in an an­nounce­ment on its web­site.

Equifax, a credit-mon­i­tor­ing com­pany used by many cred­i­tors to check con­sumers’ credit his­to­ries, said on Sept. 7 that it fell vic­tim to a mas­sive cy­ber­at­tack that may have com­pro­mised the per­sonal data of up to 143 mil­lion Amer­i­cans.

The pub­lic dis­clo­sure came months af­ter the com­pany learned of the in­ci­dent, stem­ming from a weak­ness in an open-source soft­ware pack­age called Apache Struts, on July 29. The soft­ware problem was de­tected in March and a rec­om­mended soft­ware patch was re­leased shortly af­ter­ward.

When it an­nounced the se­cu­rity is­sue, Equifax ac­knowl­edged the per­sonal in­for­ma­tion of a lim­ited num­ber of Cana­dian and U.K. res­i­dents may have been breached as well.

More than a week later, on Friday, Equifax re­leased the Bri­tish fig­ure, say­ing fewer than 400,000 Bri­tish con­sumers had some of their per­sonal in­for­ma­tion com­pro­mised, but it was more lim­ited in scope and un­likely to lead to iden­tity theft.

The com­pany has re­mained mum on how many Cana­di­ans were af­fected, and has not re­sponded to mul­ti­ple re­quests for com­ment.

The credit mon­i­tor­ing com­pany’s call cen­tre staff have told call­ers that only Cana­di­ans that have credit files in the U.S. were likely to be im­pacted. How­ever, the pri­vacy com­mis­sioner said that at this point, it is not clear that the af­fected data was lim­ited to Cana­di­ans with U.S. deal­ings.

The slow pace of in­for­ma­tion could be good or bad news for con­sumers in the Great White North.

It’s likely Cana­di­ans are the last to find out be­cause the fewest num­ber of them have been im­pacted, said Hasan Cavu­soglu, an as­so­ciate pro­fes­sor at the Univer­sity of Bri­tish Columbia’s Sauder School of Business.

It’s less likely, but also pos­si­ble, that the rea­son is more tech­ni­cal, he said, and Equifax has been un­able to pin­point the seg­ment of Cana­dian con­sumers at risk.

Some con­sumers have ex­pressed con­cern about pace of com­mu­ni­ca­tion and lack of in­for­ma­tion about the breach, one of the largest on­line data breaches in his­tory.

“The com­pany was a vic­tim of fraud and didn’t alert its con­sumers,” said Bethany Agnew-Amer­i­cano, the lead plain­tiff in a pro­posed class ac­tion, filed in On­tario on Sept. 12.

It’s one of at least two class ac­tions filed on be­half of Cana­di­ans whose in­for­ma­tion was stored on Equifax data­bases, al­leg­ing the com­pany breached its con­tract with class mem­bers as well as their pri­vacy rights, was neg­li­gent in han­dling their in­for­ma­tion, and breached pro­vin­cial pri­vacy statutes.

The credit mon­i­tor­ing com­pany makes money from of­fer­ing iden­tity theft pro­tec­tion and fraud alert ser­vices, and it needs to be held ac­count­able, Agnew-Amer­i­cano said.

The Cana­dian Au­to­mo­bile As­so­ci­a­tion, which part­nered with Equifax on its iden­tity pro­tec­tion pro­gram, said it is writ­ing tot he pri­vacy com­mis­sioner re­quest­ing the of­fice push the com­pany to pro­vide more in­for­ma­tion to Cana­di­ans.

The CAA is no­ti­fy­ing the roughly 10,000 mem­bers who par­tic­i­pated in the pro­gram that they may have had sen­si­tive data di­vulged.

The pri­vacy com­mis­sioner’s of­fice tried to soothe some of the brew­ing frus­tra­tions by as­sur­ing con­sumers that Equifax will no­tify all im­pacted Cana­di­ans in writ­ing as soon as pos­si­ble.

How­ever, it warned Equifax would not be call­ing in­di­vid­ual con­sumers and ad­vised Cana­di­ans to hang up if any­one calls them claim­ing to be af­fil­i­ated with Equifax – re­gard­less of what the caller ID says – as it could be a scam.

Equifax will also of­fer free credit mon­i­tor­ing to Cana­di­ans that are af­fected, the of­fice said.

While Cana­di­ans wait to hear more about the state of their per­sonal data, the com­pany’s rep­u­ta­tion is tak­ing a big hit as it’s al­ready known the breach im­pacted mil­lions, said Cavu­soglu.

“Who will trust Equifax af­ter this, this scale of an event,” he said. “Business will be sub­stan­tially ef­fected as a re­sult.”

— With files from The As­so­ci­ated Press

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.