Compared to 2019 statistics, the frequency of security
breaches today has increased by 20%, meaning that a ransomware attack
happens somewhere in the world every 11 seconds, and Canada is no exception.
As the average cost of a data breach for Canadian companies
is 5.4 million, both businesses and government are taking measures to
strengthen cybersecurity on an organizational and national level:
A Canadian company spends on average 11.1% of its IT budget
on security.
The government keeps issuing new legislation such as PIPEDA
(Personal Information Protection and Electronic Documents Act) and amendments
to the current regulations in order to regulate how companies handle customer-
and business-related data.
Below, we've reviewed the most infamous cybersecurity
breaches in Canada that you should have heard of, analyzing their causes and
outcomes for various companies and enterprises.
#1 IKEA's Internal Data Breach Impacted Up to 100,000 Canadians
In May 2022, IKEA confirmed the internal security breach
reported between March 1 and 3 of the current year, when some of its
customers' personal information appeared in a generic search made by an IKEA
employee. IKEA Canada PR leader Kristin Newbiggin said that the incident
hasn't affected the banking or financial information of their clients.
After the breach was detected, the company offered reassurance
that security experts had acted quickly to prevent the data leak. According to
the official announcements, no client data was used, stored, or shared as a
result, and no actions are required from the customers' side.
Nevertheless, many cybersecurity experts claim that, along
with outside attacks, companies shouldn't overlook insider threats. In 2020
alone, insider threats cost $11.45 million, and that figure will keep on
increasing in the upcoming years. That is why employees should be limited to
accessing solely the enterprise data they need to work with, a precaution
many companies neglect today. It can help to secure internal data and
prevent abuse of privileged access.
#2 Financial Services Firm Exposed Personal Data of Over 10 Million Customers
The infamous privacy breach occurred in June 2019 and
spanned nearly two years without being noticed. The security department became
aware of it only after the organization had been notified by the federal
Privacy Commissioner, according to the report.
According to the commissioner's report, a rogue employee
spent at least 26 months siphoning sensitive personal information that
Desjardins had collected from customers who had purchased or received
products through the organization. The exposed clients' data included first
and last names, dates of birth, social insurance numbers, street addresses,
phone numbers, emails, and transaction histories.
Desjardins will pay up to nearly $201 million to settle a
class-action lawsuit. The settlement will provide compensation for
identity theft and loss of time related to the personal information breach.
Overall, the number of individuals affected by that privacy breach
has reached close to 9.7 million Canadians.
To minimize the risks involved in collecting, storing, transmitting,
or processing any sensitive data, it is recommended to regularly conduct
cybersecurity audits and system testing. This investment might seem
unreasonable at first, but it can help you identify problems in time, as
well as determine and eliminate the breach-related vulnerabilities.
#3 Telecom Company Bell Canada Reported the Largest Customer Data Breach
Multiple attacks were also announced by Bell Canada, one of
the largest telecommunications companies in the country. According to the
announcement in May 2017, the data affected included close to 1.9 million
customer email addresses, as well as 1,700 names and phone numbers. The
party responsible for the attack wasn't named, but the information released
mentioned that the hackers were leaking the data due to Bell's failure to
cooperate with them.
It is worth mentioning that Bell did not announce the
breach immediately upon discovery, in order to get more details before the
official notification to customers. Fortunately, no sensitive personal
information, such as financial data or passwords, was affected. Bell's
representatives contacted the affected customers directly to notify them
about the incident and advise them to regularly change their passwords and
security questions, as well as watch out for suspicious emails. Overall,
information theft has affected nearly 1.9 million customers.
Nevertheless, that was not the only security breach
at Bell Canada. Eight months later the company reported a similar case of a
data breach that affected up to 100,000 customers. The exposed information
included customers' key personal information, all of which could be sold in
underground markets and used for malicious activities.
#4 Home Depot Canada Suffered a Customer Data Leak Following Systems Error
In November 2020, Home Depot Inc. in Canada started
receiving the first reports of a data breach that, according to the official
press release, "seems to be the result of an internal system error rather
than an external attack". Its customers started receiving reminder emails
by mistake for hundreds of orders that were ready to pick up. In some cases,
users reported receiving up to 1,000 emails per address or even more. The
email content included customer names, email addresses, order numbers, and the
last four digits of customer payment cards.
After the confirmation, Home Depot Canada claimed the system
error affected a "very small number of customers", but the cause of
the data breach was not disclosed. However, even with a small number of
affected clients, there is still a huge threat to customer security, as a
personal data leak can be gold for a malicious actor. Personal information
like that can be used to craft a convincing phishing email, and affected
customers who click on it risk becoming victims.
#5 PayPal-owned Canadian Firm TIO Networks Leaked 1.6 Million Clients' Records
In December 2017, the global digital payments giant reported a
potential compromise of personally identifiable information for approximately
1.6 million customers on TIO Networks, a Canadian payments platform owned by
PayPal.
After the security system vulnerability was detected, TIO
Networks immediately suspended all of its operations to protect the
clients' data and initiated an internal investigation, in which the experts
uncovered multiple cases of unauthorized access to TIO's network, including areas
that stored personal information of some of the company's customers and
customers of TIO billers. The company then contacted all customers,
billers, and retailers affected as a result of the leak and said it would keep
them updated with instructions to secure their personal data. Fortunately,
TIO Networks' and PayPal's systems are completely separate, so PayPal's
client data remains secure.