National Post

Equifax Canada seeks to stem fallout of U.S. breach

FINANCE

- David Padd on

• Equifax Canada’s reputation took a hit after its U. S. parent revealed a massive data breach last year, but chief privacy officer John Russo says the 19,000 affected Canadian accounts haven’t been linked to any fraud.

Russo’s assurances come as the credit monitoring company promoted its new Canadian income and employment verificati­on service for lenders amid stricter mortgage rules.

Under a new standard, federally regulated mortgage lenders have been required since Jan. 1 to do stress tests on a prospectiv­e borrower’s ability to withstand an increase in interest rates even if they don’t require mortgage insurance.

“There’s increased rigour when they have to verify third- party informatio­n,” Russo said. “They can’t just rely on pay stubs and stuff that you bring as a borrower. They have to use an independen­t source.”

Equifax was tight- lipped in the aftermath of the hack last year.

In promoting the new service, Russo acknowledg­ed that the company’s reputation as a custodian of sensitive personal data took a hit with the leak of confidenti­al informatio­n for about 145 million Americans from one of several Equifax databases.

The breach i ncluded names, addresses and social security and credit card numbers, as well as usernames, passwords and secret question/secret answer data.

Equifax’s reputation was damaged by the sensitivit­y of the informatio­n, the security lapse that allowed the leak and the delay in announcing the breach.

While the company didn’t announce the hack until Sept. 7, it was discovered in July and likely began in midMay.

The Atlanta- based company was also initially unable to say how many Canadians were affected, then estimated the number at 100,000 on Sept. 19, 8,000 on Oct. 2 and the current estimate of 19,000 on Nov. 28.

“First and f oremost, I would say ‘sorry’ to all Canadians,” Russo said — repeating an apology that he delivered in December to a House of Commons committee in Ottawa.

Russo noted that, as of this week, none of the Canadians who used the hacked U. S. server has reported any signs of identity theft since they were notified of the risk.

The c ompany’s monitoring has also found no evidence the Canadian account informatio­n has been bought or sold.

Paul Taylor, president and CEO of Mortgage Profession­als Canada, said Equifax’s new income and employment verificati­on service has potential if it works as intended.

But Taylor said he has no way to judge whether it will meet OSFI’s requiremen­ts or be cost-effective for mortgage lenders.

“I think lenders are already doing quite thorough due diligence of i ncome verificati­on on mortgage applicatio­ns these days,” Taylor said.

Newspapers in English

Newspapers from Canada