Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Equifax Breach Affects 100,000 Canadians

Equifax revealed on Tuesday that the recent data breach affects roughly 100,000 Canadian consumers, but the company’s systems in Canada were not compromised.

Equifax revealed on Tuesday that the recent data breach affects roughly 100,000 Canadian consumers, but the company’s systems in Canada were not compromised.

Equifax Canada said the company’s investigation is still ongoing, but it believes the incident affects approximately 100,000 Canadians. Similar to the United States, the exposed information includes names, addresses, social insurance numbers, and, in some cases, credit card numbers.

“Equifax Canada can confirm that Canadian systems are not affected. We have found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases. Equifax Canada systems and platforms are entirely separated from those impacted by the Equifax Inc. cybersecurity incident widely reported in the U.S.,” the company said.

Impacted individuals will be notified via mail and they will be offered credit monitoring and identity theft protection services for one year at no charge.

Equifax said it notified MasterCard and Visa about the payment cards compromised in the breach. The company has also informed the Privacy Commissioner of Canada (OPC), the Commissioners in Alberta, British Columbia, and Quebec, and consumer reporting registrars in Ontario, Alberta and Saskatchewan.

While the number of individuals affected by the breach in Canada has only now come to light, some Canadian consumers launched a class action lawsuit within a week of disclosure. The initiators of the suit are seeking damages of $550 billion CAD ($450 billion US).

Equifax said cybercriminals had access to its U.S. systems between mid-May and late July after leveraging an Apache Struts 2 vulnerability that had been exploited in the wild since March.

The company said the breach affects roughly 143 million U.S. consumers and 400,000 customers in the United Kingdom. In the case of the U.K., the credit reporting agency revealed that the data was stored on U.S. systems between 2011 and 2016 due to a “process failure.” No such explanation has been provided by Equifax Canada.

Advertisement. Scroll to continue reading.

Equifax stock has dropped from roughly $140 to just over $90 following the breach and experts believe it could plunge as low as $50. The incident has already cost the company nearly $10 billion in market value.

The company’s Chief Security Officer and Chief Information Officer retired after the hack came to light.

In the United States, the Federal Trade Commission (FTC), congressional committees, and the Attorneys General in 40 states have announced the launch of investigations into the Equifax breach.

Related: Industry Reactions to Equifax Hack

Related: Equifax Cybersecurity Failings Revealed Following Breach

Related: Scammers Offer to Sell Data Stolen in Equifax Hack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...