Report shows personal info on 144K Canadians breached by federal entities

As first reported by CBC, 10 government departments and agencies were responsible for breaching personal information on just shy of 8,000 occasions.
Written by Asha Barbaschow, Contributor

A handful of Canadian government departments and agencies have reportedly compromised the personal information of 144,000 individuals across 7,992 breaches experienced over the past two years.

As reported by the Canadian Broadcasting Corporation (CBC), the Canadian government revealed the information in an answer to an order paper question filed by Conservative MP Dean Allison late last month.

The information provided shows there were 7,992 breaches spread across 10 entities.

The Canada Revenue Agency (CRA) saw the most individuals affected, with 3,020 breaches involving 59,065 individuals.

According to CBC, the CRA blames the breaches on misdirected mail, security incidents, and employee misconduct.

"Two-thirds of the total individuals affected were as a result of three unfortunate but isolated incidents," the publication quotes a CRA spokesperson as saying.

Next was Health Canada, which was responsible for 122 breaches, affecting 23,894 individuals.

According to CBC, the agency said in its "most serious" breach, a government employee mistakenly received an email containing personal information. That person immediately notified the appropriate officials at Health Canada and deleted the email, the report said.

See also: How businesses can reduce the financial impact of data breaches (TechRepublic)  

CBC itself was responsible for the third-highest number of casualties, with 17 breaches affecting 20,129 individuals that were all employees. CBC in its report pointed to the May 2018 incident that saw the theft of computer equipment containing confidential information as "the most serious".

The Public Health Agency of Canada (PHAC) was responsible for seven breaches that affected 3,725 individuals; similarly, Environment was responsible for seven breaches, seeing 6,028 affected.

Public Services and Procurement experienced 164 breaches, with 5,149 affected; Employment and Social Development Canada suffered 1,421 breaches, affecting 3,586 individuals; Department of National Defence (DND) was responsible for 170 breaches, with 2,273 individuals affected; Immigration saw 3,005 breaches, affecting 4,268 individuals; and affecting 5,130 individuals was the 59 breaches Canada Post was responsible for.

The report also quotes Privacy Commissioner Daniel Therrien, saying the commissioner has been pushing for changes to the Privacy Act to make breach reporting mandatory, like it is elsewhere, such as in Australia.

"As it stands, federal departments only have to alert affected individuals in the event of 'material' breaches -- cases involving sensitive personal information which reasonably could be expected to cause serious injury or harm to an individual, or ones affecting large numbers of people," CBC explained.


100 million Americans and 6 million Canadians caught up in Capital One breach

Over 1 million Canadian social insurance numbers accessed in breach.

Data breach exposes diagnosis data of 34,000 medical marijuana patients

An electronic system used by a Canadian service and its parent company was compromised.

Desjardins, Canada's largest credit union, announces security breach

Data for 2.9 million bank members was taken from the bank's system by a now-fired employee.

Freedom Mobile data breach impacts thousands of customers

Updated: Unencrypted financial information has reportedly been compromised.

Hackers steal card data from 201 online campus stores from Canada and the US

Magecart group breached PrismRBS and modified the PrismWeb e-commerce platform.

Editorial standards