Toronto (December 6, 2019) – Canadian Fraud News talked to Chris Mathers about the impact of data breaches on peoples’ lives and what happens with our personal information if they have been leaked. Mathers is a former undercover law enforcement officer who now runs his own crime and risk consulting business Chris Mathers Inc. in Toronto.
Data privacy belongs to the past. We give voluntarily our email address to the cashier at the store in order to receive a digital receipt and save a tree. We sign up for reward programs with our home addresses, phone numbers, dates of birth. We order pizza, sushi, and ramen – whatever we are currently craving – using an app that conveniently entails our home address, phone number, and credit card information.
‘If they have access to one password, they can do a lot of damage.’
And these are only a few innocent examples of today’s daily situations where we give our personal information for more or less enriching digital services to private companies. Carrying all this data – which is our personal information – businesses bear heavy responsibility. These details in the wrong hands can cause major damage to an individual’s life or in the words of cybercrime expert Chris Mathers ‘fraud destroys peoples’ lives.’
But, what exactly happens after a data breach? What do the criminals do with our personal information that has been exposed? Mathers explained that on the dark web – a part of the internet that is not indexed by search engines – millions of personal information including credentials to various personal accounts are up for sale.
Over 28 million Canadians are affected by a data breach, according to the Office of the Privacy Commissioner of Canada (OPC). Basically, the personal information of almost three-quarters of Canadians might be accessible for a certain price for everybody who knows how to reach those sites. However, imperceptible for the person whose information is traded until it is too late and the cybercriminals already gained access into various accounts where they start their fraudulent coup.
680 data breaches in the last year
Since November 1st, 2018, Canadian businesses became subject to the new mandatory breach reporting regulations. Ever since, businesses in Canada have to disclose all data breaches that assess ‘real risk of significant harm’ according to the OPC. The Personal Information Protection and Electronic Documents Act (PIPEDA) entails the mandatory breach reporting among other things. The legislation makes sure Canadian customers have to get notified when their data might have been exposed.
The new legislation is a step in the right direction to hold companies accountable regarding the safety of our personal information. ‘The problem is, there is not really a whole lot you can do if the company is registered in Lichtenstein for example,’ warns Mathers.
Read more: One year of mandatory breach reporting – over 28 million Canadians affected
Before November 2018, reporting data breaches were done on a voluntary basis. Since the obligation, the OPC registered a massive gain in numbers with 680 received breach reports. ‘That is six times the volume we had received during the same period one year earlier,’ explained the Commissioner’s Office.
Cybersecurity and data breaches
The lesson learned is that it is crucial to hold companies publicly accountable for how they deal with our personal information. As Mathers indicated ‘security is always a money issue’, cybersecurity has to create an added value to their businesses.
But individuals are not off the hook. The fact is data breaches happen. Ultimately, the severity of harm still depends on the amount of information criminals are able to get according to Mathers. The cybercrime expert warned ‘the reality is many people have multiple accounts with the same password. If criminals have access to one password, they can do a lot of damage.’ Mathers recommended using unique, complex passwords for each particular account.
Chris Mathers is a former undercover law enforcement officer who worked twenty years for the RCMP. Afterwards, he had joined the Forensic division of KPMG, until he founded his own crime and risk consulting firm Chris Mathers Inc. in Toronto.