Capital One breach the latest example of the growing risk of data hacks

TORONTO — This week’s massive Capital One data breach is the latest in a string of cyberattacks that experts say are becoming larger and more frequent, as corporations hold more personal data in online repositories that are a treasure trove for hackers.

“There’s definitely a rise in personal data theft, there’s a rise in data breaches,” said Claudiu Popa, a cybersecurity expert with Datarisk Canada.

The Capital One breach exposed the data of about six million Canadians, including about a million social insurance numbers. The company says it will start to notify affected Canadians next week either by letter or email.

The incident also exposed the data of roughly 100 million U.S. clients, including about 140,000 Social Security numbers and 80,000 linked bank account numbers.

In addition to credit card application data such as phone numbers, email addresses, dates of birth and self-reported income, the hacker was also able to access credit scores, credit limits and balances, as well as fragments of transaction information from a total of 23 days in 2016, 2017 and 2018.

The breach comes about a month after Desjardins Group said personal information from more than 2.9 million of its members was stolen, while major data breaches from Equifax, Marriott Hotels, Uber and other companies have exposed consumer data in the past few years alone.

A recent IBM study found that companies globally have a 30 per cent chance of experiencing a data breach within two years, up from 23 per cent in 2014.

Part of what’s making these breaches more common is that companies are collecting so much more information and thinking up new ways to make use of it, said Popa.

“It’s almost harder for us to anticipate what legitimate businesses are going to think up doing with the information that, for the most part, they over-collect, rather than for us to keep ahead of criminals.”

The trend to over-collect and hoard data should prompt customers to ask questions including how soon they will dispose of data, said Popa, given that the Capital One breach included credit card applications going as far back as 2005.

Customers should remember they can influence company policies, even if the hacks start to feel inevitable, he said.

The apparent inevitability of such attacks has, perhaps ironically, also made some consumers more blase.

“Unfortunately many people are jaded and desensitized because of the prevalence of all these attacks. It seems like it’s happening on a weekly basis, it seems like they are powerless to prevent them,” Popa said.

Data hacks and cybercrime, however, shouldn’t just be accepted, said Daniel Tobok, chief executive of Cytelligence Inc.

“It’s happening more and more, but it doesn’t mean it should be normalized or we should get used to it as just another day at the office. This is a problem.”

He said part of the problem is that Canadian regulations lack teeth and present limited options to fine companies, while jurisdictional issues make it hard to track and prosecute the thieves.

Another issue is that the thefts can be quite profitable, said Tobok.

“The real reason why there’s more and more breaches is because it’s extremely lucrative for the cybercriminals.”

The rise in data hacks has coincided with a rise in cybercrimes reported to police. Cyber-related fraud, for example, climbed from 7,332 incidents in 2014 to 16,422 last year according to Statistics Canada.

Companies need to be pressured to more proactively protect data through encryption and investigations, as too few are making the proper investments, he said.

“There’s still a feeling of it’s not going to happen to us,” said Tobok.

Criminals are also staying steps ahead of attempts to safeguard databases, said Iman Sharafaldin, a researcher at the Canadian Institute for Cybersecurity.

He said powerful automated tools and more access to information make it harder to stop breaches.

“Nowadays you can learn hacking stuff by searching YouTube videos.”

Given the challenges of safeguarding data, experts recommend that customers should think carefully before handing over any information to companies.

In the Capital One breach, for example, social insurance numbers from a million Canadians were stolen — even though the number isn’t required in a credit card application.

Just Posted

Vikings Days a celebration of Danish immigration, culture

The Danish Canadian Museum near Dickson held its annual Viking Days celebration… Continue reading

Red Deer would be the site of potential TV show

A potential TV show aims to bring Red Deer kids across the… Continue reading

Oilsands firms considering diluent recovery units to boost crude-by-rail volumes

CALGARY — Ongoing pipeline project delays and growth in crude-by-rail capacity from… Continue reading

WATCH: ‘Lots to see and do’ at Pioneer Days in Red Deer

Sunnybrook Farm Museum is celebrating its 24th annual Pioneer Days this weekend.… Continue reading

Your community calendar

Thursday The Red Deer and District Garden Club hosts its annual Flower… Continue reading

Canada ‘disappointed’ terror suspect’s British citizenship revoked

OTTAWA — The United Kingdom is shirking its share of the international… Continue reading

Federal and provincial leaders to march in Montreal’s Pride parade

MONTREAL — A number of federal and provincial leaders are expected in… Continue reading

Regina woman suing after tip of son’s penis cut off in circumcision

REGINA — A Regina mother has filed a lawsuit alleging negligence after… Continue reading

Maxime Bernier tells party faithful he will make it into the leaders’ debates

OTTAWA — Maxime Bernier argued that not inviting him to take part… Continue reading

Alberta suspects lead Mounties on chase before their capture in Camrose

CAMROSE, Alta. — Mounties from the Wetaskiwin, Alta., detachment had their hands… Continue reading

Man dies in hospital after aggravated assault in Winnipeg, police say

Winnipeg police say a man is dead after he was allegedly assaulted… Continue reading

Advocates ‘internationalize’ the fight to free Raif Badawi from Saudi prison

MONTREAL — More than seven years after Raif Badawi was thrown in… Continue reading

Most Read