Data Breach 583,000 victims of student loan Canadian students are compromised & at RISK and there “Names, SIN numbers, contact info. missing
Minister Diane Finley called the incident “unacceptable and avoidable.”
A Federal agency has lost a portable hard drive containing personal information about more than half a million people who took out student loans.
Human Resources and Skills Development Canada said Friday the device contained data on 583,000 Canada Student Loans Program borrowers from 2000 to 2006. The missing files include student names, social insurance numbers, dates of birth, contact information and loan balances of borrowers, as well as the personal contact information of 250 department employees.
Borrowers from Quebec, Nunavut and the Northwest Territories during this time period are not affected.
No banking or medical information was on the portable device.
Human Resources Minister Diane Finley said she has called on the RCMP to assist with the incident, “given its serious nature.”
“I want all Canadians to know that I have expressed my disappointment to departmental officials at this unacceptable and avoidable incident in handling Canadians’ personal information,” she said in a statement.
In addition, the office of the federal privacy commissioner announced Friday it would investigate this incident.
The department is sending letters to affected people, for whom it has current contact information, to advise them on how to protect their personal information.
The loss of the hard drive from an office in Gatineau, Que., came to light as the department looked into another breach — a missing USB key containing the personal information of more than 5,000 Canadians.
The privacy commissioner’s office has already begun a probe of that incident, which was publicized last month.
Human Resources says that while there is no evidence any of the information in the latest breach has been used for fraudulent purposes, an extensive search for the hard drive continues.
In her statement, Finley said she had directed officials to take immediate action to ensure “that such an unnecessary situation” does not happen again.
She has requested that departmental employees across Canada receive information about “the seriousness of these recent incidents” and that they participate in mandatory training on a new security policy.
The new policy immediately bans portable hard drives within the department. In addition, unapproved USB keys are not to be connected to the computer network.
All portable security devices will be assessed for the risk they pose, to ensure that appropriate safeguards are in place.
New data-loss prevention technology — which can control or prevent the transfer of sensitive information — will also be introduced.
Finally, staff will be subject to disciplinary measures, including possible firing, should privacy and security codes not be followed.
Alyson Queen, a spokeswoman for the minister, said the Mounties were contacted Monday. “They will determine what further steps are required.”
About 2,500 Victims have joined on a closed Facebook group who are affected by the privacy breach, which has an active message board where members share news, ask each other questions and vent their anger at the government.
Cloud can be a bit cloudy and portable storage device is completely secure if someone doesn’t lose it, or only downloads non-critical information on it. Cloud computing means the files won’t be physically on a device that can end up in the wrong hands, but it would still require some kind of authentication to log in and access the data. That means passwords, and anyone who works in the IT industry can tell you umpteen horror stories about lost, stolen or otherwise ineffective passwords.