skip to main content
Back to all blog posts

Posted in: Privacy | Data Security/Privacy

Sep 14, 2017

Equifax Breach - The Breach That Will Keep on Giving

By Paige Backman and Meghan A. Cowan

At this point, if you haven’t heard of the Equifax data breach, it could only be because you have rightfully been glued to the coverage of (or living through) Hurricane Irma, Harvey or Jose.

On September 7, 2017, Equifax revealed that it was the subject of a cybersecurity breach over the summer. What people may not know or appreciate is that the Equifax breach is one of the, if not the, most significant and dangerous data breaches to date. While there were over 146 million files breached, it’s the highly sensitive and lucrative information at issue and the fact that many people may not even know Equifax has information on them. The nature and scope of information subject to the breach is everything one needs to steal your identity, buy items in your name, and clean out your bank accounts. For U.S. consumers alone, approximately 143 million names, birth dates, addresses and social security numbers were accessed by hackers.

During its investigation, Equifax also identified unauthorized access to personal information of Canadian residents. Further information on the impact on Canadians has not been released at this time. It has been noted that the Canadian breach may have involved names, addresses and social insurance numbers. Social insurance numbers are perhaps the most lucrative piece of information available and quickly opens up doors to identity theft and financial fraud. The Office of the Privacy Commissioner of Canada has stepped in and is reviewing the breach to determine the extent of the impact on Canadians’ privacy rights.

It’s not clear whether an Equifax-dedicated website and call centre set up last week will help Canadians because it uses U.S. social security numbers as identifiers, without offering an alternative. The Privacy Commissioner suggested Canadians can call Equifax at 1-866-828-5961 (English service) or 1-877-323-2598 (French service).

Many people may be thinking that they are safe because they don’t have any relationship with Equifax. That would be a miscalculation. Financial and credit information subject to the breach is often shared among credit reporting agencies under the guise of maintaining the integrity of the information within the credit reporting industry. This type of sharing is often in the fine print in the agreements with financial institutions and those other businesses from whom you’ve obtained credit, and people are often not aware that this happens.

Whether or not your financial and other personal information was exposed in the Equifax breach, it is a great time for everyone to start monitoring their credit score and activities, change banking passwords, check on their bank statements and credit statements regularly and talk with their bank about what else they can do to protect themselves. Perhaps every Wednesday at noon you’ll set aside some time to check on your bank accounts and credit card statements. Big inconsistencies in statements are easy to spot (and are often spotted by financial institutions themselves). However, little inconsistencies are what you also need to focus on. Identity theft and the draining of bank accounts can be done slowly, in increments and over long periods of time. Addressing the Equifax breach and all breaches involving similar information is not a short-term fix. It will take persistence, time and patience. 

Areas of Expertise

Related Categories

Related Blogs

Posted in: Privacy | Court Decision | Data Security/Privacy

Insights TheSpotlight
Texting and the Expectation of Privacy By Donald B. Johnston Dec 11, 2017 The Supreme Court of Canada published an important judgment on December 8, 2017, concerning whether or not Canadians have the right to expect that their texting conversations will remain private. Interestingly, the judgment of the court was split – which shows that even the cleverest lawyers can ...

Posted in: Data Protection | Privacy | Data Security/Privacy

Insights TheSpotlight
Ontario Court of Appeal Established New Privacy Rights – Utility Consumption Data and Grow Ops By Paige Backman Aug 21, 2017 If you are a utility monitoring consumption data, think twice before providing any of that information to the police. You may need to ensure the police first provide you with a warrant or other judicial authorization specifically requesting the information. The Ontario Court of Appeal, distinguis...

Posted in: Privacy

Insights TheSpotlight
Recent Changes to Ontario’s Personal Health Information Protection Act By Meghan A. Cowan Aug 17, 2017 There have been a number of new changes introduced with respect to Ontario’s Personal Health Information Protection Act (“PHIPA”). The Ontario government filed a new regulation on June 29, 2017 (Ontario Regulation 224/17 -- the “New Regulation”). The New Re...