News and Updates on Information Technology

Canada – Public Services and Procurement Canada

Exploit: Accidental data sharing

Public Services and Procurement Canada: Government department for administration

Risk to Small Business: 1.666 = Severe

An administrative oversight compromised the personal information of thousands of Canadians. Unfortunately, the victims are public servants already impacted by the Phoenix pay systems problem, which resulted in employees being overpaid or receiving little income for months. As part of the department’s efforts to fix this mistake, employee information was inadvertently emailed to the wrong recipients.

Individual Risk: 2.142 = Severe

The email contained employees’ personally identifiable information, including their names, addresses, personal record identifiers, and overpayment amounts. This information could make victims especially susceptible to phishing scams that could extract even more damaging information. Those impacted by the breach should carefully evaluate online communications to ensure their veracity, while also monitoring their other accounts for unusual or suspicious activity.

Customers Impacted: 69,000

How it Could Affect Your Customers’ Business: An external data breach is a priority risk for any company handling sensitive data – making a preventable internal data breach especially egregious. Employee errors are bound to happen but those errors can have far-reaching negative consequences for any business. In this case, one missent email led to financial, reputational, and practical damage.

Source:
https://www.cbc.ca/news/politics/phoenix-pay-system-privacy-breach-1.5466855