Equifax Canada says a massive cybersecurity breach at the consumer information company may have compromised sensitive personal information of about 100,000 Canadians.
The company, which provides credit history and credit ratings on individuals, said Tuesday the breached data may have included names, addresses, social insurance numbers and in some cases credit card numbers.
“We apologize to Canadian consumers who have been impacted by this incident,” Lisa Nelson, president and general manager of Equifax Canada, said in a statement.
“We understand it has also been frustrating that Equifax Canada has been unable to provide clarity on who was impacted until the investigation is complete. Our focus now is on providing impacted consumers with the support they need,” Nelson said in a release.
The company disclosed on Sept. 7 that the cybersecurity breach exposed the personal data of about 143 million Americans but, at that time, did not reveal the number of Canadians involved.
The company insists, however, that its Canadian systems are not affected.
“We have found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases,” the company said in a statement. “Equifax Canada systems and platforms are entirely separated from those impacted by the Equifax Inc. cybersecurity incident widely reported in the U.S.”
Equifax is directly contacting by mail the approximately 100,000 Canadian consumers that the company believes may have been impacted.
“For those Canadians whose credit card details have been compromised, we have provided that information to MasterCard and VISA for communication to the financial institution which, in turn, will communicate with their end customers,” Equifax said in a statement. “You will still be notified by us independently by mail and have the opportunity to enrol in our complimentary credit monitoring and identity theft protection service.”
The company is now facing investigations in Canada and the U.S.
At least two proposed class actions have been filed in Canada and many more in the U.S. against Equifax in connection with the data breach.
The cyberattack occurred through a vulnerability in an open-source application framework it uses called Apache Struts. The United States Computer Readiness team detected and disclosed the vulnerability in March, and Equifax “took efforts to identify and to patch any vulnerable systems in the company’s IT infrastructure.”
With files from The Canadian Press
For reasons beyond our control, and for an undetermined period of time, our comment section is now closed. However, our social networks remain open to your contributions.