[ISN] Credit agency reports security breach

From: InfoSec News (isn@private)
Date: Thu Mar 18 2004 - 00:32:25 PST

    http://www.computerworld.com/securitytopics/security/story/0,10801,91319,00.html
    
    By Carly Suppa
    MARCH 17, 2004
    TORONTO 
    
    More than 1,400 Canadians, primarily in the
    provinces of British Columbia and Alberta, have been notified of a
    major security breach at Equifax Canada Inc., a national
    consumer-credit reporting agency.
    
    Equifax confirmed yesterday that it discovered the breach in late
    February and has notified affected consumers via registered mail
    asking that they contact the agency to review the contents of their
    respective credit files.
    
    According to reports, access was gained to the personal, detailed
    credit files of more than 1,400 people. The files contained social
    insurance numbers, bank account numbers, credit histories, home
    addresses and job descriptions.
    
    Equifax is working with the Royal Canadian Mounted Police to find the
    culprits of the unauthorized access. At press time, there was still no
    word on the success of the investigation.
    
    Equifax spokespeople refused to comment, but the company issued a
    statement that outlined the steps it is taking to ensure consumer
    protection.
    
    The company has activated alert messages reading "lost or stolen
    identification" on the credit file of each affected consumer, which
    Equifax said would "prompt potential creditors to carefully confirm
    the consumer's identity and will help protect the consumer from
    potential identity theft."
    
    The agency also stated it is providing affected consumers with a
    one-year free subscription to Credit Alert, a service that monitors
    credit file activity and alerts the consumer immediately of any
    changes "that could signal potential identity theft."
    
    This situation has the Canadian security community very concerned.  
    According to Rosaleen Citron, CEO of Burlington, Ont.-based security
    software firm Whitehat Inc., the breach is more dangerous than any the
    community has seen before.
    
    "The information that was compromised was localized to Alberta and
    British Columbia with a few out of Ontario," Citron said. "Equifax has
    a very large database. If someone has breached the system, they would
    have all the information -- not just 1,400 files. This is a situation
    where the people who perpetrated this [likely were] funded."
    
    Citron offered this analogy: "If you were going out and wanted to rob
    a bank, you may want to go and buy a vehicle and paint it to look like
    an armored car and show up three minutes earlier. The point is that
    takes money, effort and time. Whoever did this, it took money, effort
    and time."
    
    In terms of identity theft, while Canada lags significantly behind the
    U.S. in the number of ID thefts per year, the fact remains that
    Canadian numbers are increasing. According to numbers from Equifax and
    fellow credit reporting agency Trans Union of Canada, ID thefts
    increased from approximately 8,100 reported incidents in 2002 to more
    than 13,000 reported in 2003.
    
    To combat these thefts, Citron said the industry is seeing more
    emphasis on database security.
    
    "People were very concerned about the perimeter, but now they
    understand that it is the databases that carry the gold mines and
    criminals are mining for them," she said.
    
    
    