BreachExchange mailing list archives
Victims of student loan data breach get letters addressed to others
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Sun, 10 Feb 2013 13:12:49 -0600
http://www.ctvnews.ca/canada/victims-of-student-loan-data-breach-get-letters-addressed-to-others-1.1150571 The federal government is blaming a printing error for the fact that some student loan recipients who received letters to say their personal information had gone missing along with a portable hard drive also got letters addressed to someone else. Human Resources and Skills Development Canada revealed last month that a hard drive containing the personal information of some 583,000 Canadians had gone missing. The data included social insurance numbers and dates of birth of people who had received student loans between 2002 and 2006. Victims of the data breach began receiving notification letters this week, and at least 100 of those envelopes contained letters intended for other people. The opposition hammered the government over the latest blunder in question period earlier this week. “Mr. Speaker, the incompetence continues regarding the data breach and mail-outs now going to the wrong people,” Liberal MP Rodger Cuzner said. Human Resources Minister Diane Finley responded that her department had identified the cause of the wayward letters and “the problem has been fixed.” In an email to CTV News, HRSDC said a printing error led to some envelopes being double stuffed, and the personal information contained in the letters was limited to names and addresses. The department will send pre-paid envelopes to those who received letters intended for others so they can be returned. The department went public about the lost data last month after an investigation into another breach revealed that there was a hard drive missing from an office in Gatineau, Que. The hard drive was last seen in August but was only discovered missing in November. Finley has said there is no evidence to suggest that the missing data has been used for unlawful purposes. The department has said that the portable hard drive did not contain personal banking or medical information. However, Canadians affected by the breach are still concerned. NDP MP Ruth Ellen Brosseau, who took out a student loan 11 years ago, is among those whose data is on the missing hard drive. “It’s my SIN card, it’s my address,” Brosseau said. “I know a lot of people knew a lot about me after the election, and now they’re going to know a lot more. So it’s very alarming.” The breach has sparked both an internal and an RCMP investigation, and department officials will appear before a Commons committee next month to answer questions. Dozens of people have also joined at least three class-action lawsuits that have been filed over the breach, demanding hundreds of millions of dollars in compensation. With a report from CTV’s Alberta Bureau Chief Janet Dirks and files from The Canadian Press. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Victims of student loan data breach get letters addressed to others Erica Absetz (Feb 11)