Capital One breach the latest example of the growing risk of data hacks

TORONTO — This week’s massive Capital One data breach is the latest in a string of cyberattacks that experts say are becoming larger and more frequent, as corporations hold more personal data in online repositories that are a treasure trove for hackers.

“There’s definitely a rise in personal data theft, there’s a rise in data breaches,” said Claudiu Popa, a cybersecurity expert with Datarisk Canada.

The Capital One breach exposed the data of about six million Canadians, including about a million social insurance numbers. The company says it will start to notify affected Canadians next week either by letter or email.

The incident also exposed the data of roughly 100 million U.S. clients, including about 140,000 Social Security numbers and 80,000 linked bank account numbers.

In addition to credit card application data such as phone numbers, email addresses, dates of birth and self-reported income, the hacker was also able to access credit scores, credit limits and balances, as well as fragments of transaction information from a total of 23 days in 2016, 2017 and 2018.

The breach comes about a month after Desjardins Group said personal information from more than 2.9 million of its members was stolen, while major data breaches from Equifax, Marriott Hotels, Uber and other companies have exposed consumer data in the past few years alone.

A recent IBM study found that companies globally have a 30 per cent chance of experiencing a data breach within two years, up from 23 per cent in 2014.

Part of what’s making these breaches more common is that companies are collecting so much more information and thinking up new ways to make use of it, said Popa.

“It’s almost harder for us to anticipate what legitimate businesses are going to think up doing with the information that, for the most part, they over-collect, rather than for us to keep ahead of criminals.”

The trend to over-collect and hoard data should prompt customers to ask questions including how soon they will dispose of data, said Popa, given that the Capital One breach included credit card applications going as far back as 2005.

Customers should remember they can influence company policies, even if the hacks start to feel inevitable, he said.

The apparent inevitability of such attacks has, perhaps ironically, also made some consumers more blase.

“Unfortunately many people are jaded and desensitized because of the prevalence of all these attacks. It seems like it’s happening on a weekly basis, it seems like they are powerless to prevent them,” Popa said.

Data hacks and cybercrime, however, shouldn’t just be accepted, said Daniel Tobok, chief executive of Cytelligence Inc.

“It’s happening more and more, but it doesn’t mean it should be normalized or we should get used to it as just another day at the office. This is a problem.”

He said part of the problem is that Canadian regulations lack teeth and present limited options to fine companies, while jurisdictional issues make it hard to track and prosecute the thieves.

Another issue is that the thefts can be quite profitable, said Tobok.

“The real reason why there’s more and more breaches is because it’s extremely lucrative for the cybercriminals.”

The rise in data hacks has coincided with a rise in cybercrimes reported to police. Cyber-related fraud, for example, climbed from 7,332 incidents in 2014 to 16,422 last year according to Statistics Canada.

Companies need to be pressured to more proactively protect data through encryption and investigations, as too few are making the proper investments, he said.

“There’s still a feeling of it’s not going to happen to us,” said Tobok.

Criminals are also staying steps ahead of attempts to safeguard databases, said Iman Sharafaldin, a researcher at the Canadian Institute for Cybersecurity.

He said powerful automated tools and more access to information make it harder to stop breaches.

“Nowadays you can learn hacking stuff by searching YouTube videos.”

Given the challenges of safeguarding data, experts recommend that customers should think carefully before handing over any information to companies.

In the Capital One breach, for example, social insurance numbers from a million Canadians were stolen — even though the number isn’t required in a credit card application.

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Lack of nurses stressing Red Deer hospital staff, says union

‘We don’t have enough nurses to do the work that’s required’

Reports of horse fever confirmed in central Alberta

So far central Alberta horse experts have seen three cases of Potomac… Continue reading

Alberta’s disaster risk assessment plan in poor shape, says auditor

Disaster costs have greatly expanded since 2003

Student invokes bear to represent Indigenous strength

Red Deer Catholic Regional Schools project

Recovery plan inspires confidence but Canadians like working from home for now: Poll

Fear of a worse second wave may explain why workers want to work from home

QUIZ: Do you know what’s on TV?

Fall is normally the time when new television shows are released

Charity Checkstop returns to Red Deer this weekend

Event goes Oct. 3 from 9:30 a.m.- 4:30 p.m.

CP Holiday Train cancelled this year; virtual concert to be held in lieu of event

Canadian Pacific will still donate to local food banks in its network and host a virtual concert.

Wetaskiwin residents walk 376 km for charity

Gary Mason and Tracey Paluck raised $10,000 for Crohn’s and Colitis Canada

David Marsden: Molly Banister extension must be kept

‘It would be a mistake to take a sensible response to future residential development off the table’

Toronto Blue Jays won’t pitch ace Ryu in playoff opener against Rays

Toronto grabbed eighth playoff spot with a record of 32-28

The only debate moderator to return, Fox’s Wallace preps

Known as methodical, even-tempered and never showy

Steve Harvey talks show revival on Facebook Watch, NBC split

Launches new talk show ‘Steve on Watch’

Most Read