Skip to main content

The personal information of about 37,000 Canadians held by TransUnion may have been compromised this past summer, leaving both of Canada’s credit monitoring agencies with data blemishes on their record.

The TransUnion incident is the second in the area after the high-profile data hack at credit monitoring agency Equifax Inc. in 2017, which exposed the information of 147 million people, including about 19,000 Canadians.

TransUnion said in a statement Wednesday that someone fraudulently accessed its data through the use of one of its legitimate business customer’s login credentials between June and July.

Story continues below advertisement

Company spokesman David Blumberg said that while the investigation is ongoing, the company maintains that the fraudulent login was not a failure of its systems.

“The unauthorized access was not the result of a breach or failure of TransUnion’s systems or our customer’s system,” he said.

Canadian Western Bank confirmed that the credit report data was accessed through an account at its leasing division.

“In August, we learned that CWB National Leasing’s account was illegally used by an unauthorized third party to perform unauthorized credit checks,” said company spokeswoman Maya Filipovic.

She said no personal information held by CWB National Leasing was taken, disclosed or misused in any way.

TransUnion did not disclose what kind of personal information was compromised by the fraudulent login.

A credit check by a bank or lender could give access to an individual’s name, date of birth, current and former addresses, information on existing credit and loan obligations, credit repayment history, and potentially their social insurance number.

Story continues below advertisement

TransUnion said it learned of the breach in August and has notified those whose information may have been accessed as well as the privacy commissioners.

The incident is the latest of numerous data breaches in recent years, including the Equifax breach. More recently, Capital One said in July that data of six million Canadians was hacked, including about a million social insurance numbers. Desjardins said in June that the data of about 2.7 million accounts were hit with a breach.

The problem is that no system is foolproof, said Hasan Cavusoglu, an associate professor of management information systems at the UBC Sauder School of Business.

“The reality is this is a moving target. Organizations are every day exposed to new type of attack vectors, new kinds of threat actors.”

He said customers have little choice but to have their data held with TransUnion and Equifax.

“As long as you do some kind of transaction, your data will inevitably fall into these companies.”

Story continues below advertisement

The two credit monitoring agencies collect a variety of financial data to help banks and other lenders figure out how reliably a customer might pay them back. The model means the agencies want to collect as much information as possible to clearly represent someone’s credit worthiness, said Cavusoglu.

While breaches are impossible to rule out entirely, major financial institutions like credit agencies have significant incentives to keep the data safe, he said.

“Reputational damage as a result of these kinds of attacks is tremendous, let alone other kind of maybe regulatory sort of penalties as well as some legal costs associated with it. So they don’t want that reputational damage.”

Blumberg said Chicago-based TransUnion continues to look for ways to strengthen its defences against unauthorized access of any kind, and supports customers in efforts to protect their data.

Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.

Report an error
Tickers mentioned in this story
Unchecking box will stop auto data updates
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

Cannabis pro newsletter