TORONTO ― A hacker gained access to financial data on tens of thousands of Canadians this past summer through a database run by a major credit rating agency.
The compromised data belonged to TransUnion, one of a handful of rating agencies operating in Canada that prepare credit reports on consumers, and give certain businesses access to their reports online. It was accessed using the access code of a TransUnion customer business.
“The unauthorized access was not the result of a breach or failure of TransUnion’s systems or our customer’s systems,” a TransUnion spokesperson said in a statement emailed to HuffPost Canada.
“The protection of consumer information is our top priority, and we proactively notified approximately 37,000 Canadians whose information may have been accessed, as well as the Privacy Commissioners,” the spokesperson stated.
Watch: So you’ve been hit with a data breach. Now what? Story continues below.
The company said all individuals who may have been affected by the breach have been notified.
A credit rating agency file includes things such as the various debts a person is carrying and how much they owe, as well as payment history, typically going back seven years. The data is linked to a person’s Social Insurance Number.
According to a report at IT World Canada, the hacker accessed the data using an access code that belonged to CWB National Leasing, and had access to the data between June 28 and July 11 of this year.
- Watch: What To Do If You've Been Hit With A Data Breach
- Revenue Quebec Employee Arrested For Internal Data Breach
- Capital One Credit Data Breach Affected 6 Million Canadians
The incident has echoes of another compromise of credit rating information, at TransUnion’s competitor, Equifax. In that 2017 incident, hackers gained access to databases holding financial info on 147 million consumers, including 19,000 Canadians.
Equifax recently agreed to a US$650-million settlement in that breach, with affected individuals eligible for up to $125 in compensation, but that deal does not cover Canadians affected by the breach.