Skip to main content
Access every election story that matters
Enjoy unlimited digital access
$1.99
per week for 24 weeks
Access every election story that matters
Enjoy unlimited digital access
$1.99
per week
for 24 weeks
// //

Signage at the corporate headquarters of Equifax Inc. in Atlanta, on July 21, 2012.

Mike Stewart/The Globe and Mail

MPs chastised an Equifax Canada executive Monday for not doing more to make amends to thousands of Canadians whose personal information was compromised by hackers.

John Russo, chief privacy officer for the Canadian branch of the global credit-reporting firm, faced a barrage of pointed questions at a House of Commons committee over how the breach happened and the adequacy of the company's response.

Russo unreservedly apologized for the lapse at Equifax's U.S. parent that affected 19,000 Canadians this year.

Story continues below advertisement

"Being a trusted steward of information has long been one of Equifax's core principles, so we were devastated when this happened," Russo told the Commons committee on information, privacy and ethics.

"I can assure you that in the months and years leading up to this incident, Equifax U.S. did not take data protection lightly. In fact, it has invested aggressively, particularly over the past five years, in security and network resilience. Nevertheless, a cyberattack and breach occurred, and information was stolen by criminals."

The breach included names, addresses and social insurance and credit card numbers, as well as usernames, passwords and secret question/secret answer data.

Hackers also accessed or stole the personal data of 145.5 million U.S. consumers and nearly 400,000 Britons in the breach, which was discovered July 29.

Equifax first notified the public of the breach on Sept. 7, though it says the unauthorized access is thought to have happened from mid-May through July.

Equifax has notified affected Canadians by mail – making efforts to ensure it has up-to-date postal addresses – and has offered them free credit monitoring and identity theft protection for one year.

The protection includes daily credit monitoring with alerts, daily access to personal Equifax credit reports and scores, Internet scanning of suspicious credit-card number and SIN use, and up to $50,000 of identity theft insurance to help affected people with out-of-pocket expenses.

Story continues below advertisement

Conservative MP Bob Zimmer, the committee chairman, said given that the effects of identity theft "can be life-changing," $50,000 seems insufficient to cover people.

"They might not be able to buy a house, they might not be able to have a car for many, many years," he said.

"I would challenge you to do the right thing and make sure that Canadians are made whole again if affected by this."

Liberal MP Brenda Shanahan questioned why the company would end full protection for the 19,000 Canadians after one year.

"It should be for life, Mr. Russo – for life."

More than 1,600 Canadians have signed on for the complimentary protection services to date, and some who were notified more recently are likely to do so in coming days.

Story continues below advertisement

Russo said Equifax was eyeing the so-called dark web – the shadowy, underground corners of the internet – for "any suspicious traffic" linked to the compromised information.

Liberal MP Nathaniel Erskine-Smith asked Russo to follow up in writing about what the company was doing to monitor the dark web.

So far, Equifax says it has no complaints of fraudulent activity linked to the affected Canadians.

The committee has been studying Canada's private-sector privacy law, including the possibility of giving the privacy commissioner power to levy fines.

Russo insisted the company was taking steps to ensure such a breach never happens again. "We want to go above and beyond the industry standard."

Since the lapse, Equifax Canada has held regular meetings with the privacy commissioner's office and provincial counterparts, he added.

Report an error
Tickers mentioned in this story
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies