September 19, 2017 by Canadian Underwriter
Equifax Canada is reporting that the personal information of approximately 100,000 Canadian consumers may have been affected by the credit monitoring company’s recent data breach.
“While our investigation is ongoing and this information may change, at this point, we believe that the incident involves potential access to the personal information of approximately 100,000 Canadian consumers, and that the information that may have been breached includes name, address, Social Insurance Number and, in limited cases, credit card numbers,” Equifax Canada said in a statement issued on Tuesday.
On Sept. 7, Equifax Inc. announced that cybercriminals had exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the authorized access occurred from mid-May through July of this year, Equifax Canada said in the statement. Although it was originally thought that the incident was limited to U.S. consumers, of which 143 million were affected, Equifax Inc. discovered shortly before the Sept.7 announcement that some consumers in Canada and the United Kingdom were also impacted.
The statement said that Equifax Inc. discovered the unauthorized access on July 29 and acted immediately to stop the intrusion. The company promptly engaged an independent cybersecurity firm to conduct a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax Inc. also reported the criminal access to law enforcement and continues to work with authorities, the statement said.
“We apologize to Canadian consumers who have been impacted by this incident,” said Lisa Nelson, president and general manager of Equifax Canada. “We understand it has also been frustrating that Equifax Canada has been unable to provide clarity on who was impacted until the investigation is complete. Our focus now is on providing impacted consumers with the support they need.”
Equifax Canada is working in close coordination with Equifax Inc. and the independent cybersecurity firm in conducting the ongoing investigation. Equifax Inc. The statement said that “Equifax has been working with the Office of the Privacy Commissioner of Canada (OPC) and will be sending notices via mail directly to all impacted consumers outlining the steps they should take. For impacted Canadians, we will also be providing complimentary credit monitoring and identity theft protection for 12 months.”
On Friday, OPC said in a press release that it had opened an investigation into the breach “after receiving several complaints and dozens of calls from concerned Canadians.” Although it was initially suggested by the Canadian Press that “only Canadians who have had dealings in the United States are likely to be affected,” OPC said in the release that “at this point in time, it is not clear that the affected data was limited to Canadians with U.S. dealings.”
On Thursday, the Canadian Press reported that the Canadian Automobile Association (CAA) “partnered with Equifax on its identity protection program and is notifying the roughly 10,000 members who participated that they may have had sensitive data divulged in the security breach.”
More information on the breach is available at https://www.consumer.equifax.ca/canada/home/en_ca_b/ and https://www.equifaxsecurity2017.com/.