funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Canada Privacy Breaches: More Than A Million Canadians May Have Had Data Compromised

From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 24 Apr 2013 18:43:29 -0400
http://www.huffingtonpost.ca/2013/04/23/canada-privacy-breach-charlie-angus_n_3142560.html

OTTAWA — More than a million Canadians may have had their private
information compromised by data breaches within the federal government
over the last ten years, an analysis by The Huffington Post Canada
suggests.

Prompted by a question from NDP MP Charlie Angus, the government was
forced to acknowledge this week that at the very least, there were
1,072,999 instances where a Canadian’s private information held by
various departments and agencies was lost, stolen or accessed by an
unauthorized third party.

In a stack of documents tabled in the House of Commons Monday, the
government admitted it has recorded more than 3,134 data and privacy
breaches between 2002 and 2012 across all departments — although many
departments only counted data breaches within the last two to five
years. Of the total breaches, only 399 were reported to Privacy
Commissioner Jennifer Stoddart.

“You have a million people whose privacy has been breached under this
government’s watch,” Charlie Angus told HuffPost Tuesday. “It looks
like the Privacy Commissioner has been kept in the dark through most
of it — and the government doesn’t seem to know how many people have
been affected. That is the concerning part of it.”

According to federal legislation, the government is not obliged to
tell Canadians if their personal information has been breached.
Departments are also not required to inform the Office of the Privacy
Commissioner.

It appears the federal government may have tried to lowball the number
of Canadians affected. Public Works only reported that 501 individuals
were affected by breaches at the department. The total number of
individuals actually affected, when one counts each case individually,
was 348,061. Public Works failed to count a case where it
inadvertently forwarded a file containing the unencrypted social
insurance numbers of 332,560 individuals to the Canadian Imperial Bank
of Commerce (CIBC). The department also didn't count a case involving
15,000 people whose names, dates of birth and unscrambled social
insurance numbers were handed over on a CD to a subcontractor who
should not have had access to the data.
...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: