What you need to know about SIN security breach
With the theft of social insurance numbers from Canada Revenue Agency servers, here is information addressing concerns involving the Heartbleed computer vulnerability.
What can hackers do with my Social Insurance Number?
Using a person’s SIN, fraudsters can impersonate you and possibly steal your identity. The SIN links all of your various government data profiles, from your taxes to your driver’s licence. It can also be used to apply for a job using your identity, open a new bank account, apply for loans, and rent vehicles and equipment, leaving you holding the bill.
Is it possible that hackers got more than just social insurance numbers?
The short answer is yes. The Heartbleed vulnerability just belches out information that may still be in the memory of a computer server. Exploiting the vulnerability will see the server hand over the last 64 Kilobytes of information that has been received.
How does this stack up compared to other breaches of data security?
Until the extent of Heartbleed is better understood in the days and months ahead, it’s hard to tell how this stacks up. This isn’t even the biggest breach the federal government has reported in recent memory. The Privacy Commissioner of Canada lambasted the Employment and Social Development Canada for losing a hard drive, containing personal information, including social insurance numbers and addresses of 583,000 student loan recipients.
What should you do if you fear your information has been stolen?
There isn’t much you can do. Simply monitor your bank and credit card statements for unauthorized charges and activity. If you are really concerned, contact a company such as Equifax to monitor your credit record and notify you of any strange activity or possible identify fraud. The one thing you should not do is respond to emails that state you are a victim. Hackers use incidents like this to prey on people and gather more information.
How do I find out if I’ve been affected by the CRA intrusion?
The government has said it will be sending out registered letters to everyone affected for more information about how to proceed.