Exploit: Accidental data sharing
Public Services and Procurement Canada: Government department for administration
Risk to Small Business: 1.666 = Severe
An administrative oversight compromised the personal information of thousands of Canadians. Unfortunately, the victims are public servants already impacted by the Phoenix pay systems problem, which resulted in employees being overpaid or receiving little income for months. As part of the department’s efforts to fix this mistake, employee information was inadvertently emailed to the wrong recipients.
Individual Risk: 2.142 = Severe
The email contained employees’ personally identifiable information, including their names, addresses, personal record identifiers, and overpayment amounts. This information could make victims especially susceptible to phishing scams that could extract even more damaging information. Those impacted by the breach should carefully evaluate online communications to ensure their veracity, while also monitoring their other accounts for unusual or suspicious activity.
Customers Impacted: 69,000
How it Could Affect Your Customers’ Business: An external data breach is a priority risk for any company handling sensitive data – making a preventable internal data breach especially egregious. Employee errors are bound to happen but those errors can have far-reaching negative consequences for any business. In this case, one missent email led to financial, reputational, and practical damage.
Source:
https://www.cbc.ca/news/politics/phoenix-pay-system-privacy-breach-1.5466855