A cybersecurity expert says financial data breaches involving Canadians are getting bigger and happening more quickly.
Last week, U.S.-based Capital One unveiled details about a breach involving roughly six million Canadians.
The company said about one million Social Insurance Numbers (SINs) were compromised in the attack.
David Shipley, CEO of Beauceron Security, says it is Canada’s largest-ever breach of financial information.
“The loss of the SIN, birth dates, home addresses, financial information — these are the keys to the financial fraud kingdom,” said Shipley. “The consequences to Canadians are going to be severe.”
Capital One said the information accessed was largely linked to those who applied for its credit cards between 2005 and early 2019.
Shipley says that raises a lot of questions when it comes to the issue of data retention.
“Why was Capital One keeping credit applications from 2005? Why were these applications either not accepted, processed and secured in another system or rejected and deleted?” he says.
Shipley says the vulnerability which allowed the hacker to get the information should not have been allowed to happen in the first place.
The Capital One breach comes on the heels of a breach at Desjardins Group, where an employee leaked the data of 2.9 million members.
Shipley wants to see the federal government impose tougher penalties on firms at the centre of financial data breaches.
“Our fines are a joke in Canada,” he says. “The most that Capital One will face for a fine from regulators from a privacy perspective is maybe $100,000, whereas, in Europe, they would be facing hundreds of millions of dollars in fines.”
Shipley believes tougher penalties would force companies to take action when it comes to investing in cybersecurity.
