Lawyers Claim Number of Data Breach Victims Was Falsified by Ottawa

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.oyetimes.com/news/canada/36145-lawyers-claim-number-of-data-breach-victims-was-falsified-by-ottawa

The group of people whose personal information was lost by the federal
government are claiming that the actual number of victims are much
more than claimed by Ottawa. It was officially announced by the Human
Resources and Skills Development Canada last month that it has lost a
flash drive from an office in Gatineau, Que., which enclosed personal
information of more than half a million recipients of student loan.

The original announcement mentioned that the data breach by the
department only affected recipients of loans between 2000 and 2006,
but now a group of lawyers is pursuing a $600-million class action
suit, some of whom claim that they applied for loans outside that
window. Natasha Vaughan, one such victim, alleged that she was
relieved to hear the news of data breach because she was not among the
announced approximately 583,000 people affected. The 30-year-old loan
applicant applied in March of 2007, whereas the federal government’s
announcement reported that all clients of the Canadian Student Loan
program from 2000 to 2006 but Ms. Vaughan claims that “the guy I spoke
to on the phone came back and said, yes, I was affected.”

Ms. Vaughan also received an official letter from the department last
week, confirming that she was among the victims who are compelled to
pay Equifax to monitor their credit records for the next six years.
Another of her friend received a student loan at the same time, and
shall technically not be the victim, is checking to confirm whether
her information was compromised too.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.