A recent report by CTV News says that over 19 million Canadians have had their personal data breached between November 2018-June 2019. The numbers come from 446 breaches that were reported to the Office of the Privacy Commissioner of Canada (OPC). These types of data breaches leave the victims vulnerable to identity theft, financial crime, and even violence in some cases.
The rise in the amount of reports to the OPC can be attributed to the new breach disclosure laws which came into effect in November 2018. This is an increase of six times the number of reports received during the same time period under the previous voluntary reporting system. Even still, it is estimated that this number could still be higher, as it doesn’t factor in how often public bodies lose or mishandle personal data. While the federal government must report certain data breaches, there are no laws requiring political parties and many provincial public bodies to report data breaches to individuals or a privacy commissioner or ombudsperson.
Here is a breakdown of the 446 breaches reported: most (59 per cent) were a result of unauthorized access such as a hack or “internal bad actor”. 22 per cent were from accidental disclosures, such as information being sent to the wrong person or being left behind. Thirteen per cent of reports were from loss of data, which could be the physical loss of a usb drive or even paper files. Six per cent was from physical theft of things like computers, drives or paper files.
In addition to the new reporting rules, another factor driving the numbers so high for Canadians this year, is the high profile breach at Canadian Bank Desjardins, who suffered a major breach in June of this year, affecting 2.9 million Canadians. The breach was so big, it forced the government to hold an emergency parliamentary committee meeting. While we’d like to believe things will get better, that number is sure to climb, as in July of this year, 6 million Canadians had their personal data breached was illegally obtained by a single hacker that broke into Capital One, a U.S.-based credit card company. According to Bloomberg, the information stolen included the social insurance numbers (SINs) of roughly one million Canadians.