A cybersecurity expert says financial data breaches involving Canadians are getting bigger and happening more quickly.
Last week, U.S.-based Capital One unveiled details about a breach involving roughly six million Canadians.
The company said about one million Social Insurance Numbers (SINs) were compromised in the attack.
David Shipley, CEO of Fredericton-based Beauceron Security, said it is Canada’s largest-ever breach of financial information.
“The loss of the SIN, birth dates, home addresses, financial information — these are the keys to the financial fraud kingdom,” said Shipley.
“The consequences to Canadians are going to be severe.”
Capital One is now the reigning champion of Canadian financial sector breaches, having doubled the previous record set by Desjardins just a few months ago. Major breaches are happening more often and are growing in size. The time for effective regulation in Canada was yesterday.
— David Shipley (@davidshipley) July 30, 2019
Capital One said the information accessed was largely linked to those who applied for its credit cards between 2005 and early 2019.
Shipley said that raises a lot of questions when it comes to the issue of data retention.
“Why was Capital One keeping credit applications from 2005? Why were these applications either not accepted, processed and secured in another system or rejected and deleted?” he said.
Shipley said the vulnerability that allowed the hacker to get the information should not have been allowed to happen in the first place.
Update: We’ll begin notifying Canadians impacted by the cyber incident by mail or email only, starting the week of August 5, 2019. This process will take several weeks. Please visit https://t.co/L6sLjcgMhp for the most up-to-date information.
— Capital One Canada (@CapitalOneCA) August 2, 2019
The Capital One breach comes on the heels of a breach at Desjardins Group, where an employee leaked the data of 2.9 million members.
Shipley wants to see the federal government impose tougher penalties on firms at the centre of financial data breaches.
“Our fines are a joke in Canada,” he said. “The most that Capital One will face for a fine from regulators from a privacy perspective is maybe $100,000, whereas, in Europe, they would be facing hundreds of millions of dollars in fines.”
Shipley believes tougher penalties would force other companies to take action when it comes to investing in cybersecurity.