Equifax to update Canadians this week, still mum on number impacted by hack

TORONTO – Equifax Canada said Monday it plans to provide an update this week on the impact of its massive data breach it, but would not say how many individuals north of the border may have had their personal information compromised.

The credit data company told The Canadian Press that it is working with Canada’s privacy watchdog, which announced an investigation into the cyberattack on Friday.

“We intend to share an update with Canadians this week that will include how we intend to notify any potentially impacted individuals,” an Equifax Canada spokesperson said in an email. “Our investigation is ongoing and we are committed to sharing an update with Canadian consumers.”

Canada’s privacy commissioner said Friday that Equifax has committed to contacting Canadians whose data may be at risk, in writing, as soon as possible, and to provide them with free credit monitoring.

Related: Equifax faces growing scrutiny as CAA says 10,000 may be impacted

Equifax Canada did not respond to questions about the number of Canadians who may have had their personal information stolen or whether the potential fallout is limited to Canadians with credit files in the U.S.

The credit monitoring company’s call centre staff have told callers that only Canadians that have dealings in the U.S. were likely to be impacted by the data breach. However, the Office of the Privacy Commissioner said on Friday that, at this point, it is not clear that the affected data was limited to those Canadians.

Equifax said on Sept. 7 that it fell victim to a massive cyberattack in the summer that may have compromised the personal data of 143 million Americans and an undisclosed number of Canadian and U.K. residents.

Related: Federal privacy commissioner asks Equifax for information on affected Canadians

The credit data company has since said that fewer than 400,000 U.K. individuals may have been affected in the hack that was discovered on July 29, but has yet to quantify the number of Canadians whose data may have been stolen.

Equifax says on its Canadian website that the personal information that may have been breached includes names, addresses and social insurance numbers.

The company is now facing investigations in both Canada and the U.S., but lawyers say the punitive threat by regulators is stronger south of the border.

Related: Equifax says U.S.-focused theft of data touched ‘certain’ Canadian residents

If the credit monitoring company is found to have failed to do enough to protect consumers’ data, the Federal Trade Commission in the U.S. can issue hefty fines, said Toronto-based cybersecurity and privacy lawyer Lyndsay Wasser of McMillan LLP.

She added that Canada’s privacy watchdog cannot hand down fines but can recommend the company make changes and sign an agreement urging them to comply.

Ottawa-based lawyer Tamir Israel pointed to the hacking of Canadian affair-seeking website Ashley Madison, which paid $1.6 million US to settle with the FTC but was not fined in Canada.