Data breach turmoil, a student’s perspective

Jan 2013

Data breach turmoil, a student’s perspective

Posted by Zaid Rasid

Student Loan ApplicationHuman Resources Minister Diane Finley (HRDC) learned the hard way many lessons when a Canadian government office was hit hard by a data breach. In addition to the public relations nightmare that was created, multiple threats of several class action lawsuits came to light.

We wrote a couple of posts about this particular data breach and were recently surprised to learn that an Asigra employee is one of the more than 563,000 individuals affected. This individual had taken out a student loan during the years 2005 through 2006 and included her parent's information as part of the loan application. There is some irony in this story when an employee of a cloud backup and recovery software company is affected.

I had the opportunity to interview this employee and agreed to conceal her identity. There were a number of steps that she had to follow in order to find out exactly how she was affected by the breach and what additional steps she needed to take to ensure she was safe. It's discouraging to note that most of the onus was placed on her in determining next steps.

Series of Events

Here's a look at the series of events that one of Asigra's employees experienced during the breach of her student loan information by the Canadian federal government:

  • Since the breach occurred almost two month ago, she didn't know she was affected until the media broke the news and she called a government agency over the weekend (Jan 12,2013). The call was based on the advice from a newspaper ad taken out by a lawyer who was filing a class action lawsuit.
  • Her critical personal information stored in the breached file includes: Social Insurance Number, Name, Date of Birth, Address, Loan balance, plus parent's names
  • When she called the HRDC, she was asked by a representative for her personal information and was informed that she would receive a letter from the government in the form of an apology
  • When she asked how the agent knew whether her name was part of the data breach, the agent had replied that her name had been flagged in their computer system
  • When she asked how the breach occurred the agent had replied that she had no information regarding how the data went missing
  • To ensure her credit was safe, our employee had to call one of the major credit monitoring companies on her own time and expense. According to her experience, she was on the phone for several hours to find that little could be done to protect her credit. A monitoring service was available at a monthly cost.

It goes without saying that there are a lot of valuable insights into the realistic implications of a data breach. From the perspective of the individual involved in a breach, it can be nerve-wracking. For our employee in particular, she has reiterated her concerns over a lost Social Insurance Number. And rightfully so.

Protective Measures

If you're a company or an institution that maintains sensitive data then you should heed the consequences that are involved with a data breach. As for solutions, employing a private-cloud environment is one option the government is now considering.

Of course, at Asigra we are adamant believers of protecting data both at rest and in flight and backing up that data with a comprehensive backup and recovery solution in place. At the end of the day, you have to weigh the costs of the administrative nightmares involved with a data breach versus the peace of mind in putting in place a secure and safe solution.

If you're ready to take the necessary steps to prevent a data breach, contact us now and we'll get you in touch with the right service provider to meet your needs.

Spice IT Email Post

For more information

Get insights about cloud backup and recovery direct to your inbox every month.
Subscribe to our Newsletter
Stay connected to the latest data protection insights – subscribe to our blog.
Subscribe to our blog
Got questions for one of our recovery specialists?
Need Answers to your Questions?
Print this page
Email this page