Skip to main content

This July 21, 2012, file photo shows Equifax Inc., offices in Atlanta.

Mike Stewart/THE ASSOCIATED PRESS

In the wake of a massive cyber attack affecting credit-monitoring company Equifax Inc., Canadian consumers may want to set up a fraud alert on their credit reports.

In addition, consumers are being urged to monitor their online personal data and be more vigilant about what information they give out after the security breach at Equifax, the latest in a growing list of high-profile cyber attacks.

Experts say the breach, which the company says affected 143 million Americans and an unknown number of Canadians, is a reminder to consumers that their personal data is always at risk. Many companies are relying on the latest technology to boost their online security, but continue to struggle to stay ahead of cyber attackers.

Story continues below advertisement

"Our personal data is shared and circulated among many different organizations," says Robert Masse, partner, Cyber Risk Services at Deloitte Canada. "Unfortunately, the reality is that organizations are having difficulty dealing with the majority of threats out there – you have to assume that your data has already been compromised."

The Equifax security breach is significant for its size and because the company is in the business of collecting and monitoring consumer data. The Atlanta-based company, one of the Big Three credit bureaus in the U.S., said criminals exploited a U.S. website application to access files between mid-May and July.

The company said the information accessed primarily includes names, social security numbers, birth dates, addresses and some driver's license numbers.

"Criminals also accessed credit card numbers for approximately 209,000 U.S. consumers and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers," the company stated. Equifax also said there was "no evidence of unauthorized activity" on its consumer or commercial credit reporting databases, and that the "issue has been contained."

An Equifax Canada spokesperson declined to comment on Friday, saying in an e-mail that the company has "no further information to contribute at this point." The company is directing consumers to its website www.equifaxsecurity2017.com, where they can check if they've been affected by filling out a form using their last name and last six digits of their social security number or social insurance number for Canadians.

That process itself has raised eyebrows since the information required includes pieces of the same data Equifax is offering to protect. Until Nov. 21, Equifax is also offering consumers the option to enroll in its TrustedID Premier monitoring service free for one year.

Andrew Latham, digital content editor at SuperMoney, an American company that offers online personal finance tools, says he was affected by the Equifax breach and was planning to put a security freeze on his credit report, which prevents others from accessing his data to apply for credit cards or other credit accounts. (A security freeze is only available in the U.S.).

Story continues below advertisement

For consumers who can't put a credit freeze on their report, including Canadians, Mr. Latham recommends setting up an identity fraud alert. "This makes it so the credit bureaus have to check you are who you claim to be when you ask to see your credit reports," he says. "That's another level of security worth doing."

Mr. Latham also recommends consumers regularly monitor their bank and credit card statements for unauthorized transactions.

"The truth is, breaches like this happen all of the time," Mr. Latham says. "We need to be taking steps to protect our identity."

He also recommends consumers check services such as https://haveibeenpwned.com/, which shows consumers if their e-mail or username has been affected by a breach in the past.

"If your e-mail has been affected, definitely change your password," Mr. Latham says.

Mr. Masse of Deloitte says consumers should also be more careful about what information they give out online, especially when signing up for products or services where you don't pay anything.

Story continues below advertisement

"When you sign up for [some of] these websites … you're not a customer, you're a product," Mr. Masse says. "What you're trading as a product is your personal information … you have to think of the trade off."

In some cases, consumers have no choice but to provide personal data needed to set up accounts for essential services such as a phone, utilities and even paying taxes.

"It's not feasible to say, 'just don't give out your data,'" says Mr. Masse. "Once you give your information to organizations, you're at the mercy of their cyber security budget, their security posture and how they manage the data."

Editor's note: A previous version of this article incorrectly suggested that Canadians can put a "security freeze" on their credit reports. That service is only available in the U.S., according to customer service representatives at both TransUnion and Equifax.

Report an error Editorial code of conduct
Tickers mentioned in this story
Unchecking box will stop auto data updates
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

If your comment doesn't appear immediately it has been sent to a member of our moderation team for review

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.