Canadians are at a high risk of their important data and identity being stolen
More than 4 billion data records were stolen globally in the year 2016 based on confirmed online data breaches. That was a substantial increase from years prior and that number is continuing to increase. Businesses have been historically the prime targets (55%) but medical institutions and government agencies are also prime targets. Canada accounted for 119 of those incidents in 2016 which ranks our Country in the top 5 after the US and the UK for data breaches. Data breaches can damage all of us in a big financial way.Some 27,000 Canadians report being victims of identity theft every year -a number that many say is vastly underreported.
One of the larger breaches to date happened in 2016 when Yahoo reported in 2017 (!) that as many as 3 billion people had their emails breached by online fraudsters. In 2017 the largest breach was at Equifax the credit reporting organization. It’s still unclear how many records of the145 million individuals who had their personal information hacked were Canadian. The reporting was very delayed and unclear which makes it even more disconcerting given that Equifax is all about credit reporting and credit monitoring. YIKES! In 2018 Marriot the hotel chain experienced a significant breach of 323 million records but when reported, it was noted as a multi-year breach dating back to 2014 when hackers exploited a flaw in their cybersecurity to steal credit card details and other data. Double Yikes!
Under new federal privacy rules that came into force in Canada late last year, organizations are now obligated to report a breach involving personal information under its control if there is a “real risk of significant harm” to an individual. A reasonable and important change just in time for a new string of breaches that Canadians have big reason to worry about. In the past 3 months, 3 privacy breaches have occurred at Desjardins, Freedom Mobile and Capital One impacting Canadians.
Freedom Mobile in May of this year reported their security breach may have exposed the information of 15,000 users. In June, Desjardins Group reported a privacy breach that saw the leak of names, addresses, birthdates and social insurance numbers for approximately 2.7 million individuals and 173,000 businesses. And now in July, one of the largest issuers of credit cards in the world, Capital One has reported a data breach. In Canada, Capital One issues both the Costco and Hudson's Bay Company MasterCard which means as many as 6 million Canadians could be affected by this breach and as many as 1 million social insurance numbers could have been exposed. This makes this most recent breach the biggest security breach so far in Canada and makes the recent obligation of organizations to inform those impacted even more important; so please be on the lookout for that info which will be in writing and not by phone-be wary of any calls which are not going to be from Capital One.
The important lesson with all of these breaches or hacks especially with this most breach is that it's better to be prepared rather than unprepared. Hence, a blog about how to protect yourself and get ahead of these online hackers or at minimum, how to mitigate the damage a breach can otherwise have on you and your finances.
What are Hackers looking for?
Hackers are generally looking to get names, social insurance numbers, birth dates, addresses, credit card info and in some cases, driver’s license numbers. That’s critical information that if compromised, can result in a lot of damage. Criminals use that information to either access your accounts to steal from you directly or purchase in your name or they use that information in order to borrow money in your name.
11 ways to protect yourself and get ahead of financial hackers:
- Data security starts with a secure password. Don’t help hackers by using a really simple password like “password” which is the most popular password in use. Also, don't reuse the same password on multiple sites. Password managers can help do the strong password work for you and save you from the inconvenience and concern about memorizing them all.
- Use a firewall, anti-virus software and anti-spyware software. Also, use the most recent update of your operating system on your computer which usually updates security protection.
- Only shop on secure online sites that can be recognized with https in the URL. HTTPS stands for Hyper-Text Transfer Protocol Secure which means communication is encrypted and authenticated.
- Be wary of public WiFi. Most WiFi hotspots are not encrypting information. Using a public Wi-Fi that is protected with a password that is provided to you in say, your favourite coffee shop is like using a non password protected WiFi.
- Monitor your credit score and credit report on a regular basis to make sure nothing suspicious is happening. 26 million people have credit scores in Canada. When you check your own credit that would be considered a “soft hit” and so it doesn’t count like it would for a “hard Hit” when a credit card company looks at your credit, so please look at your credit report! Make it an annual event on your birthday. Lenders but also landlords and prospective employers may rely on that information in order to determine if they should approve financing, your rent application or offer you a job application. So it’s important that your file be accurate. There are free credit scores available from organizations like MOGO and Credit Karma that you can use. The two national credit bureaus in Canada, Equifax and TransUnion will provide a free credit report once per year but you have ot order it and it comes by regular mail. Yet another pet peeve of mine. Why is credit reporting not available for free since both credit reporting agencies have a vested interest in ensuring our information is accurate and not compromised?
- Sign up for credit monitoring with Equifax and/or TransUnion. It’s most frustrating that again, Equifax and TransUnion both charge for credit monitoring at a fee of between $12 and $30 a month depending on the plan. However, as a recent CBC Marketplace investigation found, no amount of monitoring will give you 100% guarantee that you will be protected from identity theft.
- Place a fraud alert on your credit files. A credit freeze to restrict access to your credit report to prevent the opening up of new credit accounts would be great. Unfortunately, this option is not yet available in Canada; only in the US. This needs to change. In the interim, call TransUnion and Equifax and have them place a fraud alert on your file. Legislation in Ontario, Manitoba and New Brunswick should ensure that that a lender takes reasonable steps to verify someone’s identity before a new account is opened but the same CBC Marketplace investigation I referenced earlier, found that this doesn’t always work the way it should to protect consumers the way it should. That’s why Canadians deserve to have a higher level of protection on their credit files by being offered credit freezes on their credit files.
- Open up your bank and credit card statements and review them! As an accountant, I’ve opened too many client statements which should have been opened up by clients and reviewed! That’s a sure sign that many are not watching their own activity to make sure nothing is awry or amiss. Report suspicious charges and cancel a card if you need to.
- Opt out of keeping your credit card information on file with an online retailer or vendor. It may be tempting for future purchases but skipping this convenience will reduce your risk of someone stealing your credit card info from the vendor you are dealing with
- Don’t give out your social insurance number when applying for a credit card or a cell phone. It’s not required so refrain from any pressure to provide it. Individuals only need to provide their SIN number for income tax purposes and to financial institutions for opening bank and investment accounts.
- Consider not using your personal email address for online banking and credit accounts. Use a "financial only" or "bills only" email address that you use only for online transactions in order that your personal email is not available on hundreds of various sites.
Stay Vigilant about protecting your important information
Generally, staying protected financially from fraud and identity theft in particular is about being vigilant about protecting your important financial information and being proactive enough to mitigate any damage should your information be compromised. So, start with a review of your credit information. Here are some links to help you make that happen:
Credit Karma https://www.creditkarma.ca/
Learn more about your right to privacy and about privacy breaches and the current guidelines on the Privacy Commisioner of Canada website