Data Breach at Equifax and Canadian Relocation – more of a connection than you think!

All Points Relocation Canada wants to bring the issue of data security and privacy to the attention of our readers. A few weeks ago it was reported that there was a huge data breach at credit reporting company Equifax. This exposed sensitive information, such as Social Security numbers and addresses, of up to 143 million Americans.

The hackers accessed personal information such as names, Social Security numbers, birth dates, addresses, credit card numbers and the numbers of some driver’s licenses.

Equifax said the breach happened between mid-May and July. It discovered the hack on July 29. It informed the public on September 7.

Did you know that Canadian relocation companies hold equally private information?  So do Destination Services Companies. At any time we may hold passport information, social insurance information, full name, date of birth, address, lease information, moving dates, etc. Any data breach of this information could lead to an array of crimes from simple robbery to identity theft.  You need to feel confident that your Canadian relocation provider and your Canadian destination service provider have data security and privacy as a top priority and can prove it to you.

New Proposed Legislation from the Canadian of Government

In a related story on September 2, 2017, the Government of Canada published proposed “Breach of Security Safeguards Regulations”. The PIPEDA provisions will require an organization to notify affected individuals, and report to the Office of the Privacy Commissioner of Canada (“OPC”), as soon as feasible, regarding any data breach which poses a “real risk of significant harm” to any individual whose personal information was involved in the breach.

Failure to notify the OPC of a security breach, as required by the PIPEDA provisions yet to come into force, is an offence, punishable by a fine of up to $100,000.

PIPEDA also contains a private right of action for affected individuals. This could result in damages being awarded by the Federal Court of Canada for failure to notify affected individuals.

However, All Points Relocation Canada feels this proposed data breach law is cold comfort in most cases.  A company needs to know that they were breached in order to report this. Many companies have no clue if they were breached. Such knowledge is certainly not a given in the Canadian relocation or Canadian destination service industry. You should be able to ask your relocation provider about their security provisions and if they would be aware if there were a security breach.

Are Canadian Destination Service providers the weak link?

One of the problems with the relocation industry is that this private information lies with destination service providers, which tend to be smaller organizations without the resources for security measures that cost in the $100,000s.  Just to be clear, having a copy of McAfee or Symantec is not even close to sufficient. Such software simply watch for a known virus or malware. Data breaches and the loss of information come from active efforts of hackers.

Now hacking is all about information.  Governments and criminal organizations are behind hacking.  They are either after taking your money directly or taking your information.

Price of Admission

So, in short, while Canadian destination service providers may not have the resources for a multiple $100,000 solution, your transferee’s information is important enough to demand that.  This is the price of admission to keep out possible breaches and to know when they have occurred and stop hackers from leaving your environment with important information.

You should feel comfortable asking your Canadian relocation provider and your Canadian destination service provider about their security. You should know that it is impossible to even be aware of the threats on a network without:

  • Firewall with Stateful Packet Inspection
  • Intrusion Detection System on Firewall and core infrastructure
  • Intrusion Prevention System integrated with all IDS sensors
  • SIEM for aggregation of all incidents on the network

Important!  Without a SIEM, you can’t tell if your data was breached.  This means that your vendor could get blind-sided with extremely high fines (up to $100,000 per incident) if data does leak and they only find out after the fact from external sources.  Could your destination provider easily continue to offer the level of service you require of after such fines?

Test your vendor

It is also reasonable to test your vendor with:

  • A free and public vulnerability test run in non-invasive mode to ensure their infrastructure is not open to all hackers with near zero barrier of entry.

All Points Relocation Canada takes data security seriously and have taken all measures noted above. We predict a day when data security testing such as that noted above will be standard during the selection of relocation and destination service vendors to provide services or products.  We encourage corporate Canada to make that day now.

Learn more about our secure technology here.

We're glad you visited!

Come back for more articles.

Can we help you with anything?