E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


CRIMINALS BREACH EQUIFAX SECURITY FOR SECOND TIME

Source: The Globe and Mail

Posted on June 17, 2005

      For the second time in about a year, the credit reporting company Equifax Canada Inc. has suffered a security breach that has given criminals access to personal financial information of hundreds of Canadians.

      The latest case came to Equifax Canada's attention several months ago, but was made public only yesterday.

      Criminals that breached the firewall gained access to 605 consumer files, which contain personal information ranging from names and addresses to type of bank loans and credit cards, payment obligations and social insurance numbers. Credit card and bank account numbers are not part of the files, but security experts say the information in the files can be used by criminals for identity theft and even to build bogus business accounts.

      "Their first goal is to steal as much as they can and then see what they can do with it," said Claudiu Popa, president of Informatica Corp., a network security consultancy in Toronto.

      A more sophisticated use would be to try to correlate some of the data with other financial information, and open merchant accounts using the stolen names. Those accounts could then be used to create bogus e-commerce sites that steal from unsuspecting on-line shoppers, he said.

      Neither Equifax nor police would say whether the information has been put to malicious use.

      A spokeswoman for Equifax Canada, Marie-Line Colangelo, said the company has informed, by mail, all the people affected, and the breach has been secured. It has also tagged the affected accounts with the heading "lost or stolen identification" to warn creditors to confirm the consumer's identity to protect against possible identity theft.

      She would not comment on whether the unauthorized access was by hackers breaking into Equifax Canada's computer systems, by physical theft of the information, or by other means. In a statement, the company said: "We have learned of an incident involving what appears to be the improper use of one of our customer's access codes and security passwords."

      The RCMP said it was contacted by Equifax Canada several months ago and has been conducting an investigation since then out of British Columbia, where most of the affected individuals live.

      Corporal Anthony Choy, an RCMP spokesman, would not say if the two security breaches were connected. The investigation into the first one is still under way and no arrests have been made, he said.

      A little over a year ago, Equifax reported that criminals posing as legitimate credit grantors had accessed the credit files of roughly 1,400 consumers, primarily in B.C. and Alberta.

      Mr. Popa said it's widely assumed in the security industry that the 2004 attack occurred when criminals managed to fool Equifax's on-line account system into granting administrator-like access - known as an elevation of privilege attack. It's entirely possible that elements of the first crime were still present in Equifax Canada's computer system, allowing for a second breach, or that the criminals had help from the inside, Mr. Popa said.

      "For a credit reporting agency, this is a huge hit," he said. "All the trust goes out the window."




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.