TORONTO (03/17/2004) - More than 1,400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency.
Equifax confirmed Tuesday that it discovered the breach in late February and has notified affected consumers via registered mail asking that they contact the agency to review the contents of their respected credit files.
According to reports, access was gained to the personal, detailed credit files of more than 1,400 people. The files contained social insurance numbers, bank account numbers, credit histories, home addresses and job descriptions.
Equifax is currently working with the Royal Canadian Mounted Police to find the culprits of the unauthorized access. At press time, there was still no word on the success of the investigation.
Equifax spokespeople refused to comment when contacted by IT World Canada, but the company did issue a statement which outlined the steps it is taking to ensure consumer protection.
The company has activated alert messages reading "lost or stolen identification" on the credit file of each affected consumer, which Equifax said would "prompt potential creditors to carefully confirm the consumer's identity and will help protect the consumer from potential identity theft."
The agency also stated it is providing affected consumers with a one-year free subscription to Credit Alert, a service that monitors credit file activity and alerts the consumer immediately of any changes "that could signal potential identity theft."
This situation has the Canadian security community very concerned. According to Rosaleen Citron, CEO of Burlington, Ont.-based security software firm Whitehat Inc., the breach is much more dangerous than any of the ones the community has seen before.
"The information that was compromised was localized to Alberta and British Columbia with a few out of Ontario," Citron said. "Equifax has a very large database. If someone has breached the system, they would have all the information -- not just 1,400 files. This is a situation where the people who perpetrated this (likely were) funded."
Citron offered this analogy: "If you were going out and wanted to rob a bank, you may want to go and buy a vehicle and paint it to look like an armored car and show up three minutes earlier. The point is that takes money, effort and time. Whoever did this, it took money, effort and time."
In terms of identity theft, while Canada lags significantly behind the U.S. in the number of ID thefts per year, the fact remains that Canadian numbers are increasing. According to numbers from Equifax and fellow credit reporting agency Trans Union of Canada, ID thefts increased from approximately 8,100 reported incidents in 2002 to more than 13,000 reported in 2003.
To combat these thefts, Citron said the industry is seeing more emphasis on database security.
"People were very concerned about the perimeter but now they understand that it is the databases that carry the gold mines and criminals are mining for them," she said.