Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label SIN compromised. Show all posts

Mackenzie Investements: Canada’s Largest Investment Firm Confirms a Major Data Breach


One of Canada's major investment firms' clients' compromising their social insurance numbers (SIN) to a data breach is "so dangerous," according to a former high-level employee of the business.

Till his retirement in 2019, Terry Beck worked with Mackenzie Investments for almost 20 years as the operations manager. He divested his investment before he left. Regardless of this, a couple weeks ago, he reveals that he received a letter from his ex-corporation informing him that his SIN was compromised in a data breach.

In a letter dated April 27, Mackenzie told clients that InvestorCOM Inc., a third-party vendor, had been affected as a result of a cyber security breach involving data transfer provider GoAnywhere. One of the letters, which CTV News Toronto investigated, claimed that customer account numbers, names, and addresses had also been stolen.

On Monday, a Mackenzie spokesperson explained in a statement how the company now uses SINs in order to determine and provide notifications to its clients.

"Companies may use SINs as an identifier for reasons such as consolidating investor holdings so that fees associated with their account are reduced[…]They may also share a client’s SIN as a unique identifier to third parties such as a dealer, group plan sponsor, and third-party service providers," the spokesperson said.

Beck acknowledged the need to combine a client's accounts, but he questioned why a random sequence of numbers couldn't serve in place of a highly sensitive form of government identity as a unique identifier. “It could rear its head at any time down the road,” Beck said.

Following the ransomware attack, Mackenzie released a statement in which it expressed regret for the impact the hack has had on its clientele.

“Mackenzie takes privacy and data protection very seriously and we are committed to protecting the confidentiality of all personal information. We greatly regret any concern or inconvenience this incident may cause to our valued clients,” a company spokesperson said in the statement.

The spokesperson further confirmed that there has been no sign of any data misuse as of yet and that the firm reported the incident to the federal privacy commissioner, along with the provincial privacy commissions.

Clients Await Resources

Shelly Rae, a resident of Toronto and Mackenzie investor for around three decades, expressed concerns after she received a letter in the mail that her personal information had been compromised.

“When someone has your name, phone number, address and SIN, that’s a pretty significant breach,” she said. “They can go on to steal your identity.”

A Mackenzie spokesperson explains how the firm is currently experiencing “particularly high volumes” of calls, resulting in long wait times for victims of the breach, with the firm apologizing for the delays in responses.

“The TransUnion call centers are doing their best to address all client concerns as quickly as possible by enhancing service capacity to help manage call volumes. We are proactively working with TransUnion to manage the high volume of calls and appreciate people’s patience,” the spokesperson said.

In regards to the issue, Mackenzie confirms that it is monitoring a number of suspected sources for exposed data and that they did not yet find any evidence of misuse.