100,000 Canadians likely affected by Equifax breach 

“While our investigation is ongoing and this information may change, at this point, we believe that the incident involves potential access to the personal information of approximately 100,000 Canadian consumers, and that the information that may have been breached includes name, address, Social Insurance Number and, in limited cases, credit card numbers,” the Canadian arm of Equifax said in a bulletin today. “For impacted Canadians we will also be providing complimentary credit monitoring and identity theft protection for 12 months.”

Related content

EQUIFAX BLAMES APACHE VULNERABILITY, CANADA’S PRIVACY CHIEF WEIGHS IN ON BREACH

EQUIFAX HAMMERED OVER DELAYED WARNING ON MASSIVE BREACH

The American company is also working with the Office of the Privacy Commissioner of Canada (OPC). The company will be sending notices via mail directly to all impacted consumers outlining the steps they should take.

In the afternoon of September 7th, Equifax issued a press release which said that about 143 million U.S. customers of the credit reporting firm could have been impacted by a cyber attack on the company. That was several months after the breach occurred. This delayed announcement resulted in a  public relations black-eye for the company especially when it came to light that three ranking company executives sold off their Equifax stocks before news of the breach was released.

“We apologize to Canadian consumers who have been impacted by this incident,” said Lisa Nelson, president and general manager of Equifax Canada. “We understand it has also been frustrating that Equifax Canada has been unable to provide clarity on who was impacted until the investigation is complete. Our focus now is on providing impacted consumers with the support they need.”

The company has “engaged a leading, independent cybersecurity firm” to conduct a forensic review to determine the scope of the intrusion and find out what type of data was stolen.

Equifax Canada is working in close coordination with Equifax Inc. and the independent cybersecurity firm in conducting the ongoing investigation.

Cyber criminals accessed Equifax Inc.’s systems through a consumer website application intended for use by U.S. consumers.

“Through this interface, the criminal actors obtained access to files containing personal information of certain Canadian consumers,” the company said.