Montreal Gazette

What you need to know about SIN security breach

- — VITO PILIECI, POSTMEDIA NEWS

With the theft of social insurance numbers from Canada Revenue Agency servers, here is informatio­n addressing concerns involving the Heartbleed computer vulnerabil­ity.

What can hackers do with my Social Insurance Number?

Using a person’s SIN, fraudsters can impersonat­e you and possibly steal your identity. The SIN links all of your various government data profiles, from your taxes to your driver’s licence. It can also be used to apply for a job using your identity, open a new bank account, apply for loans, and rent vehicles and equipment, leaving you holding the bill.

Is it possible that hackers got more than just social insurance numbers?

The short answer is yes. The Heartbleed vulnerabil­ity just belches out informatio­n that may still be in the memory of a computer server. Exploiting the vulnerabil­ity will see the server hand over the last 64 Kilobytes of informatio­n that has been received.

How does this stack up compared to other breaches of data security?

Until the extent of Heartbleed is better understood in the days and months ahead, it’s hard to tell how this stacks up. This isn’t even the biggest breach the federal government has reported in recent memory. The Privacy Commission­er of Canada lambasted the Employment and Social Developmen­t Canada for losing a hard drive, containing personal informatio­n, including social insurance numbers and addresses of 583,000 student loan recipients.

What should you do if you fear your informatio­n has been stolen?

There isn’t much you can do. Simply monitor your bank and credit card statements for unauthoriz­ed charges and activity. If you are really concerned, contact a company such as Equifax to monitor your credit record and notify you of any strange activity or possible identify fraud. The one thing you should not do is respond to emails that state you are a victim. Hackers use incidents like this to prey on people and gather more informatio­n.

How do I find out if I’ve been affected by the CRA intrusion?

The government has said it will be sending out registered letters to everyone affected for more informatio­n about how to proceed.

?? ?? Private informatio­n was likely stolen from Canada Revenue Agency services thanks to the Heartbleed vulnerabil­ity.
Private informatio­n was likely stolen from Canada Revenue Agency services thanks to the Heartbleed vulnerabil­ity.

Newspapers in English

Newspapers from Canada