Credit Score

TransUnion breach may have compromised personal data of 37,000 Canadians

By: Lisa Coxon on October 10, 2019

Another data breach of a major credit reporting agency in Canada has potentially exposed the personal financial information of thousands of Canadians.

TransUnion reported on Wednesday that data from 37,000 Canadians held by the agency may have been accessed in a breach this summer.

According to TransUnion, someone fraudulently accessed data using one of its business customers’ legitimate login credentials sometime between June and July.

A spokesperson for the company said, however, that this was not a result of the failure of its systems.

“The unauthorized access was not the result of a breach or failure of TransUnion’s systems or our customer’s system,” David Blumberg told the Globe and Mail.

It’s unclear what kind of personal information was compromised in the hack, and TransUnion hasn’t disclosed any details to that effect.

This is the second time in two years that a hack has hit one of Canada’s credit monitoring agencies.

In 2017, Equifax, which stores credit information for Canadians and Americans, suffered a data breach that exposed the information of 147 million people, including more than 19,000 Canadians.

In that case, the agency agreed to pay US$700 million in fines and penalties, but Canadian victims of the hack were not entitled to any of that money.

Capital One also reported a data breach earlier this summer, in which the personal information of six million Canadians was accessed. The credit card company is facing a class-action lawsuit for the ordeal, with plaintiffs seeking more than $350 million in damages.

The frequency of such breaches is no doubt concerning, but unfortunately customers have little choice when it comes to where and how their data is stored.

“The reality is this is a moving target,” Hasan Cavusoglu, an associate professor of management information systems at the UBC Sauder School of Business, told the Globe.

“Organizations are every day exposed to new type [sic] of attack vectors, new kinds of threat actors. As long as you do some kind of transaction, your data will inevitably fall into these companies.”