Canada Mortgage and Housing Corporation (CMHC) had the biggest privacy breach of any federal agency last year. They accidentally emailed personal information on 45,000 homeowners to an unnamed bank without notifying the Privacy Commissioner, according to newly-disclosed information.. Computer keyboard .“An email with an MS Excel attachment was sent to an external lender employee showing personal information and outstanding loan balances,” CMHC wrote in an Inquiry of Ministry tabled in the Commons. .“The file had been filtered for this lender and included records for other lenders that could be unfiltered.”.According to Blacklock’s Reporter, the spreadsheet revealed the personal information of 45,000 individuals with insured mortgages. None of the borrowers were informed about this breach. .CMHC only became aware of the incident after the bank, which received the spreadsheet, reported the mistake..The incident was disclosed at the request of Conservative MP Luc Berthold (Mégantic-L’Érable, QC) who asked “How many privacy breaches have occurred since Jan. 1, 2022, broken down by department, agency or other government entity?”.The distribution of 45,000 mortgage files was the biggest federal breach in 2022 but smaller than in earlier years. In 2017, VIA Rail exposed the personal information of 128,311 customers..“A subcontractor of one of our suppliers who conducts surveys on our behalf inadvertently made available on a server some of our customer lists on the internet while performing a series of tests,” Mylene Bélanger, spokesperson for the Crown railway, said at the time. .“These lists contained general information such as the individuals’ names, postal codes, email addresses and travel details.”.In 2013, the department of Employment admitted to misplacing a portable device containing important information about 585,236 students who borrowed through the Canada Student Loans program. The lost data included their names, addresses, credit histories, and Social Insurance Numbers. The lost records were never found. In 2018, a judge at the federal level approved a settlement of $17.5 million for the affected students in a class-action lawsuit..“It remains unclear whether the drive was stolen, merely lost or destroyed,” wrote Federal Court Justice Jocelyn Gagne. .“There is no evidence that a third party has ever accessed the personal information, much less that the personal information has been used for unlawful or improper purposes.”.The settlement did not include the cost of free credit protection for the half million borrowers, the cost of investigations or subsequent security upgrades. Court records indicated lawyers contracted a digital forensics company Cytelligence Inc. to determine whether any personal information led to identity thefts..“The investigation concluded that, based on the age of the information and given that Cytelligence could not uncover such evidence, it is unlikely the contents of the lost hard drive are in circulation on the dark web,” wrote Gagne.
Canada Mortgage and Housing Corporation (CMHC) had the biggest privacy breach of any federal agency last year. They accidentally emailed personal information on 45,000 homeowners to an unnamed bank without notifying the Privacy Commissioner, according to newly-disclosed information.. Computer keyboard .“An email with an MS Excel attachment was sent to an external lender employee showing personal information and outstanding loan balances,” CMHC wrote in an Inquiry of Ministry tabled in the Commons. .“The file had been filtered for this lender and included records for other lenders that could be unfiltered.”.According to Blacklock’s Reporter, the spreadsheet revealed the personal information of 45,000 individuals with insured mortgages. None of the borrowers were informed about this breach. .CMHC only became aware of the incident after the bank, which received the spreadsheet, reported the mistake..The incident was disclosed at the request of Conservative MP Luc Berthold (Mégantic-L’Érable, QC) who asked “How many privacy breaches have occurred since Jan. 1, 2022, broken down by department, agency or other government entity?”.The distribution of 45,000 mortgage files was the biggest federal breach in 2022 but smaller than in earlier years. In 2017, VIA Rail exposed the personal information of 128,311 customers..“A subcontractor of one of our suppliers who conducts surveys on our behalf inadvertently made available on a server some of our customer lists on the internet while performing a series of tests,” Mylene Bélanger, spokesperson for the Crown railway, said at the time. .“These lists contained general information such as the individuals’ names, postal codes, email addresses and travel details.”.In 2013, the department of Employment admitted to misplacing a portable device containing important information about 585,236 students who borrowed through the Canada Student Loans program. The lost data included their names, addresses, credit histories, and Social Insurance Numbers. The lost records were never found. In 2018, a judge at the federal level approved a settlement of $17.5 million for the affected students in a class-action lawsuit..“It remains unclear whether the drive was stolen, merely lost or destroyed,” wrote Federal Court Justice Jocelyn Gagne. .“There is no evidence that a third party has ever accessed the personal information, much less that the personal information has been used for unlawful or improper purposes.”.The settlement did not include the cost of free credit protection for the half million borrowers, the cost of investigations or subsequent security upgrades. Court records indicated lawyers contracted a digital forensics company Cytelligence Inc. to determine whether any personal information led to identity thefts..“The investigation concluded that, based on the age of the information and given that Cytelligence could not uncover such evidence, it is unlikely the contents of the lost hard drive are in circulation on the dark web,” wrote Gagne.
