Equifax Canada said a massive cybersecurity breach at the company may have exposed the personal information of about 100,000 Canadian consumers.
Equifax is a consumer information company that provides, among other services, credit information and credit ratings on individuals.
The company disclosed on Sept. 7 that the cybersecurity breach exposed the personal data of about 143 million Americans but, at that time, did not reveal the number of Canadians involved.
Equifax Canada said the information includes names, addresses, social insurance numbers (SIN) and, in limited cases, credit card numbers.
“We apologize to Canadian consumers who have been impacted by this incident,” said Lisa Nelson, president and general manager of Equifax Canada.
“We understand it has also been frustrating that Equifax Canada has been unable to provide clarity on who was impacted until the investigation is complete. Our focus now is on providing impacted consumers with the support they need,” Nelson said in a release.
Canada’s privacy commissioner said Friday it had opened an investigation into the data breach after receiving several complaints and dozens of calls from concerned Canadians.
Equifax said it has been working with the Office of the Privacy Commissioner of Canada (OPC) and will be sending notices via mail directly to all impacted consumers outlining the steps they should take.
“For impacted Canadians we will also be providing complimentary credit monitoring and identity theft protection for 12 months,” the firm said.
The company is also telling Canadian consumers to be vigilant in reviewing their account statements and credit reports. Equifax said consumers should immediately report any unauthorized activity to their financial institutions, and it recommends that they monitor their personal information.
Equifax has said the breach of its system occurred between mid-May through July, and it learned of the hack on July 29.
Earlier this week, Equifax put the blame for the breach on a web server vulnerability in its Apache Struts open-source software. However, the vulnerability could have been fixed back in early March when patches became available.
In Canada, at least two proposed class actions have been filed against the company in the wake of the disclosure of the massive security breach, with many more filed in the United States.