Victims of student loan data breach get letters addressed to others

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.ctvnews.ca/canada/victims-of-student-loan-data-breach-get-letters-addressed-to-others-1.1150571

The federal government is blaming a printing error for the fact that
some student loan recipients who received letters to say their
personal information had gone missing along with a portable hard drive
also got letters addressed to someone else.

Human Resources and Skills Development Canada revealed last month that
a hard drive containing the personal information of some 583,000
Canadians had gone missing. The data included social insurance numbers
and dates of birth of people who had received student loans between
2002 and 2006.

Victims of the data breach began receiving notification letters this
week, and at least 100 of those envelopes contained letters intended
for other people.

The opposition hammered the government over the latest blunder in
question period earlier this week.

“Mr. Speaker, the incompetence continues regarding the data breach and
mail-outs now going to the wrong people,” Liberal MP Rodger Cuzner
said.

Human Resources Minister Diane Finley responded that her department
had identified the cause of the wayward letters and “the problem has
been fixed.”

In an email to CTV News, HRSDC said a printing error led to some
envelopes being double stuffed, and the personal information contained
in the letters was limited to names and addresses.

The department will send pre-paid envelopes to those who received
letters intended for others so they can be returned.

The department went public about the lost data last month after an
investigation into another breach revealed that there was a hard drive
missing from an office in Gatineau, Que. The hard drive was last seen
in August but was only discovered missing in November.

Finley has said there is no evidence to suggest that the missing data
has been used for unlawful purposes. The department has said that the
portable hard drive did not contain personal banking or medical
information.

However, Canadians affected by the breach are still concerned.

NDP MP Ruth Ellen Brosseau, who took out a student loan 11 years ago,
is among those whose data is on the missing hard drive.

“It’s my SIN card, it’s my address,” Brosseau said. “I know a lot of
people knew a lot about me after the election, and now they’re going
to know a lot more. So it’s very alarming.”

The breach has sparked both an internal and an RCMP investigation, and
department officials will appear before a Commons committee next month
to answer questions.

Dozens of people have also joined at least three class-action lawsuits
that have been filed over the breach, demanding hundreds of millions
of dollars in compensation.

With a report from CTV’s Alberta Bureau Chief Janet Dirks and files
from The Canadian Press.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.