“Canada is lagging 10 to 15 years behind. Technology has evolved and legislation has stayed the same. Canadians are not protected enough,” Cytelligence CEO Daniel Tobok told Diane Bruckner, on CBC’s “On the Money,” on September 21, 2017.
“The Equifax breach is the largest breach in history,” said Tobok.
The same day, Canada’s privacy commissioner, Daniel Therrien, announced that 90 per cent of Canadians don’t feel that organizations are doing enough to protect their confidential data. People feel “utterly powerless” about how organizations handle their personal information and Canada’s privacy laws as being “critically outdated.”
In his report to Parliament, Therrien recommended that additional measures be put in place about how Canadians are asked for their consent on how companies collect, use, and disclose personal information of customers and users, including user-friendly language.
More importantly, Therrien would like the Office of the Privacy Commissioner to move toward a more proactive enforcement model, rather than just reacting to the complaints of individuals. One of the measures being considered is heftier fines for organizations that don’t do enough to protect users’ data and get breached. In Europe, for example, companies have been fined $30 million for not doing enough to keep their customers’ data safe.
Tobok said that Cytelligence is trying to negotiate with the sellers of the data from the Equifax breach on the Dark Web, to determine if it is real. Cytelligence is also trying to quantify the data that the cyber criminals took.
“To pull off a hacking like this, on this scale, that affects 143 million people in the U.S. and 100,000 Canadians, it could be a state-sponsored actor or it could be organized crime,” said Tobok.
“These types of big hacks take between three to six months to plan and execute,” added Tobok.
“The big problem with the Equifax hack is that the cyber criminals stole data that is then going to allow them to steal people’s identities, open bank accounts, and apply for mortgages. And Canadians are affected even if they are not Equifax customers. Equifax is the keeper of a lot of financial transactions of Canadians,” said Tobok.
To protect themselves, Tobok said that people should monitor their credit card statements monthly. They should also be aware that the cyber criminals will now try to use the data, so there will be a wave of phishing emails asking people to click on malicious links. As well, there will be more telephone fraud attempted with the stolen Equifax data.