Pri­vacy com­mis­sioner launches investigation into Equifax data breach


Canada’s pri­vacy watch­dog said Fri­day it has opened an investigation into the mas­sive Equifax Inc. data breach af­ter re­ceiv­ing sev­eral com­plaints and dozens of calls from con­cerned Cana­di­ans.

“The investigation is a pri­or­ity for our of­fice given the sen­si­tiv­ity of the per­sonal in­for­ma­tion that Equifax holds,” the Of­fice of the Pri­vacy Com­mis­sioner of Canada said in an an­nounce­ment on its web­site.

It added that the credit mon­i­tor­ing com­pany will no­tify all im­pacted Cana­di­ans in writ­ing as soon as pos­si­ble. Equifax is used by many cred­i­tors to get re­ports on con­sumers’ credit his­to­ries, which include in­for­ma­tion such as so­cial in­sur­ance num­bers, credit card num­bers and home ad­dresses.

Equifax said on Sept.7 that it was the vic­tim of a mas­sive cy­ber­at­tack that may have com­pro­mised the per­sonal data of as many as 143 mil­lion Amer­i­cans and a lim­ited num­ber of Cana­dian and U.K. res­i­dents.

Canada’s pri­vacy watch­dog first said on Tues­day that it was “pri­or­i­tiz­ing” an ex­am­i­na­tion into Equifax’s hack and would work with data pro­tec­tion author­i­ties in Canada af­ter news of the leak was made public, months af­ter it first learned about the breach.

The watch­dog said Tues­day it asked the credit mon­i­tor­ing com­pany to tell Cana­di­ans as soon as pos­si­ble if their in­for­ma­tion was stolen and to adopt mea­sures to help them. How­ever, in its update Fri­day it said that Equifax would not be call­ing in­di­vid­ual con­sumers and warned about po­ten­tial scam phone calls from those try­ing to take ad­van­tage of the breach.

It ad­vised Cana­di­ans to hang up if any­one calls them claim­ing to be af­fil­i­ated with Equifax — re­gard­less of what the caller ID says.

On Fri­day, the com­pany said fewer than 400,000 Bri­tish con­sumers had some of their per­sonal in­for­ma­tion com­pro­mised, but it was more lim­ited in scope and un­likely to lead to iden­tity theft.

Equifax has yet to spec­ify how many in­di­vid­u­als in Canada were im­pacted. Equifax has not re­sponded to mul­ti­ple re­quests for com­ment.

The credit mon­i­tor­ing com­pany’s call cen­tre staff have told call­ers that only Cana­di­ans that have credit files in the U.S. were likely to be im­pacted. How­ever, the pri­vacy com­mis­sioner said that at this point, it is not clear that the af­fected data was lim­ited to Cana­di­ans with U.S. deal­ings.

Some con­sumers have ex­pressed con­cern about the lack of in­for­ma­tion and com­mu­ni­ca­tion about the breach, one of the largest online data breaches in his­tory.

“The com­pany was a vic­tim of fraud and didn’t alert its con­sumers,” said Bethany AgnewAmer­i­cano, the lead plain­tiff in a pro­posed class ac­tion filed in On­tario on Sept. 12.

She said the credit mon­i­tor­ing com­pany makes money from of­fer­ing iden­tity theft pro­tec­tion and fraud alert ser­vices, and it needs to be held ac­count­able.

The Cana­dian Au­to­mo­bile As­so­ci­a­tion said Thurs­day it part­nered with Equifax on its iden­tity pro­tec­tion program and is no­ti­fy­ing the roughly 10,000 mem­bers who par­tic­i­pated that they may have had sen­si­tive data di­vulged in the se­cu­rity breach made public last week. It said that it was writ­ing to the pri­vacy com­mis­sioner to ask that the of­fice push Equifax to pro­vide more in­for­ma­tion to Cana­di­ans, adding that “Equifax has not been forth­com­ing with in­for­ma­tion to us de­spite our re­peated re­quests.”

The com­pany was a vic­tim of fraud and didn’t alert its con­sumers.” Bethany Agnew-Amer­i­cano, the lead plain­tiff in a pro­posed class ac­tion filed in On­tario on Sept. 12

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.