Privacy commissioner launches Equifax investigation
TORONTO — Canada’s privacy watchdog says it has opened an investigation into the massive Equifax Inc. data breach after receiving several complaints and dozens of calls from concerned Canadians.
The Office of the Privacy Commissioner of Canada says that the credit monitoring company has committed to notifying all impacted Canadians in writing as soon as possible, but it will not be calling affected consumers.
Equifax said last week that it was the victim of a massive cyberattack that may have compromised the personal data of as many as 143 million Americans and a limited number of Canadian and U.K. residents, but has not specified how many individuals in Canada were impacted.
The credit monitoring company’s call centre staff have told callers that only Canadians that have credit files in the U.S. were likely to be impacted.
However, the privacy commissioner says at this point, it is not clear that the affected data was limited to Canadians with U.S. dealings. The watchdog added that Equifax will also offer free credit monitoring to those Canadians that are affected.
Meanwhile, the Canadian Automobile Association is informing thousands of its members that their data may have been compromised.
The CAA said it partnered with Equifax on its identity protection program and is notifying the roughly 10,000 members who participated that they may have had sensitive data divulged in the security breach.
The auto organization’s program required members to register their personal information such as credit cards, banking information and email address, with the option of providing a social insurance number.
It appears that the sensitive information of CAA members who signed up for the identity protection program was stored with Equifax USA, said Ian Jack, CAA managing director of communications and government relations.
The company has shied away from public comment. However, Equifax Canada’s customer service agents have told callers that only Canadians who have had dealings in the U.S. are likely to have had their information compromised in the data breach. That includes those who have lived, worked or applied for credit south of the border.
“Equifax has not been forthcoming with information to us despite our repeated requests,” Jack said.
The identity protection program began in March 2015 and was terminated on July 1, weeks before Equifax discovered the hack on July 29.
Equifax Canada did not respond to requests for comment from The Canadian Press.