Latest news with #PhilippeDufresne
Yahoo
6 days ago
- Business
- Yahoo
Federal privacy czar starts probe into theft of customer data from Nova Scotia Power
HALIFAX — The federal privacy commissioner has launched an investigation into a ransomware attack that led to the theft of personal information belonging to 280,000 customers of Nova Scotia's electric utility. Privately owned Nova Scotia Power confirmed last week that hackers stole the data and published it on the dark web. Privacy commissioner Philippe Dufresne said in a statement Wednesday that he started the probe after receiving complaints about a security breach the utility reported in late April. 'Data breaches have surged over the past decade and this incident highlights the growing risks of cyberattacks for all organizations,' he wrote in the statement. Dufresne said he wants to make sure the utility is taking appropriate steps to deal with the breach, which the company says included disclosure of some customers' social insurance numbers. The commissioner says his investigation is looking at steps the company has taken to contain the breach, notify its customers and reduce the risk of fraud and identity theft. Nova Scotia Power says it's offering affected customers a two-year subscription for credit monitoring services through TransUnion Canada. It's also sent letters to customers informing them the stolen data may include their names, birth dates, email addresses, home addresses, customer account information, driver's licence numbers and, in some cases, bank account numbers. Some experts have criticized how the utility notified customers about the breach. According to the commission's website, federal privacy law requires notifications to be given "as soon as feasible" after a company has determined "a breach of security safeguards involving a real risk of significant harm" has occurred. The website also says the notice should include a description of the circumstances of the breach, the time it occurred, a description of the personal information taken, and a "description of the steps that the organization has taken" to reduce the risk of harm. Cybersecurity expert Claudiu Popa, CEO of Informatica Corp., questions whether these standards were met by the utility. Based on the letters he's seen sent to customers, Popa said the information does not provide much detail. "The further inadequacy was the lack of explanation of what could go wrong and what could be done with this information," he said, referring to the customer notifications. He also said the company's offer of a free, two-year subscription to TransUnion's monitoring service isn't long enough. "We should not be naive about the fact that these criminals now have a rich data set to exploit Nova Scotia victims for the foreseeable future, and that foreseeable future probably extends beyond 24 months," said Popa, author of "The Canadian Cyber Fraud Handbook." Nova Scotia Power spokeswoman Kathryn O'Neill said in an email Wednesday the company is aware the cyberattack "has been really concerning for some of our customers." "Impacted individuals have received detailed information about available resources and support," she wrote. "We continue to work with leading third-party cybersecurity experts on this complex investigation and the safe and secure restoration of our systems. We're also implementing additional safeguards to help prevent similar incidents in the future." In his statement, Dufresne said customers would be wise to sign up for credit monitoring services, and he said they should monitor their bank accounts and notify their financial institutions. This report by The Canadian Press was first published May 28, 2025. Michael Tutton, The Canadian Press Sign in to access your portfolio
Global News
6 days ago
- Business
- Global News
Federal privacy czar starts probe into theft of customer data from Nova Scotia Power
The federal privacy commissioner has launched an investigation into a ransomware attack that led to the theft of personal information belonging to 280,000 customers of Nova Scotia's electric utility. Privately owned Nova Scotia Power confirmed last week that hackers stole the data and published it on the dark web. Privacy commissioner Philippe Dufresne issued a statement today confirming he started a probe after receiving complaints about a security breach the utility reported in late April. Get breaking National news For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen. Sign up for breaking National newsletter Sign Up By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy Dufresne says he's in discussions with the utility to ensure it is taking appropriate steps to deal with the breach, which has affected about half of Nova Scotia Power's customers. The commissioner says the investigation is looking into steps the company has taken to contain the breach, notify its customers and reduce the risk of fraud and identity theft. Story continues below advertisement Nova Scotia Power has said it's offering affected customers a two-year subscription for credit monitoring services through TransUnion Canada. It's also sent letters to customers informing them the stolen data may include their names, birth dates, email addresses, home addresses, customer account information, driver's licence numbers, and in some instances their bank account numbers. Dufresne says customers would be wise to sign up for a credit monitoring service to reduce the potential for fraud, and he says they should monitor their bank accounts and notify their financial institutions. This report by The Canadian Press was first published May 28, 2025.
CTV News
6 days ago
- General
- CTV News
Federal privacy commissioner launches investigation into NS Power data breach
The Nova Scotia Power headquarters is seen in Halifax on Thursday, Nov. 29, 2018. The Office of the Privacy Commissioner of Canada has launched an investigation into the data breach at Nova Scotia Power that affected hundreds of thousands of customers. Privacy Commissioner Philippe Dufresne said Nova Scotia Power submitted a breach report to his office. After receiving complaints about the breach, he started an investigation under the Personal Information Protection and Electronic Documents Act. 'We are actively engaging with the organization to ensure that it is taking appropriate steps to respond to the incident, and my immediate focus is on ensuring that the company is effectively addressing the breach and protecting the personal information of its customers,' Dufresne said in a news release. 'This includes breach containment, notification and measures to reduce risks to those affected.' Last week, the power utility said it was the 'victim of a sophisticated ransomware attack' on March 19. A spokesperson said roughly 280,000 customers were impacted by the breach. The utility detected 'unusual activity' on its network on April 25 and launched an incident response plan. Nova Scotia Power has indicated the stolen information could include names, phone numbers, addresses, birth dates, social insurance numbers and bank account information. The utility has arranged to supply affected customers with a two-year subscription for a credit monitoring service through TransUnion at no cost. 'Data breaches have surged over the past decade and this incident highlights the growing risks of cyberattacks for all organizations,' Dufresne said. 'Prioritizing information security is essential to respond to a threat environment that is continuously evolving.' NS Power The Nova Scotia Power headquarters is seen in Halifax on Thursday, Nov. 29, 2018. (Andrew Vaughan) For more Nova Scotia news, visit our dedicated provincial page
Powys County Times
01-05-2025
- Business
- Powys County Times
UK user data must be protected during 23andMe bankruptcy, watchdog says
The UK's data protection watchdog has called for the personal data of UK customers of genetic firm 23andMe to be properly protected during and after its bankruptcy proceedings in the US. The Information Commissioner's Office (ICO) has joined with its Canadian counterpart, the Office of the Privacy Commissioner of Canada (OPC), to warn that they will take action against 23andMe if they believe user data is not protected properly during the case. The DNA testing kit firm filed for bankruptcy protection in the US in March, after struggling with heavy losses and facing the aftermath of a data hack, and as it searches for a buyer. Privacy experts have since raised concerns about what could happen to the vast amounts of genetic and other personal data the company holds if it is sold to a third-party, with many urging users to log in and request their data be deleted. Now the UK and Canadian data protection regulators have written to the US Trustee, which oversees bankruptcy cases, to highlight that any potential buyer of 23andMe must adhere to both UK and Canadian data protection law. Information Commissioner John Edwards said: '23andMe holds some of the most personal and highly sensitive information possible about its customers, including genetic data, health reports and self-reported health conditions. 'We have this week written to the US Trustee to call for the protection of this sensitive data during and after the company's bankruptcy. 'The UK public need to trust that the bankruptcy proceedings, and any potential sale of the company or its assets, will safeguard their personal data from unauthorised use or misuse. 'We are here to advocate on their behalf and we will not hesitate to take action against 23andMe or any potential purchaser should data protection legislation not be adhered to.' Philippe Dufresne, privacy commissioner of Canada, said: '23andMe holds the highly sensitive personal information, including DNA, of millions of customers. My office is closely following the sale of 23andMe to ensure that any personal information relating to individuals located in Canada is handled in compliance with our federal private-sector privacy law. 'This is of the utmost importance given the significant concerns that Canadians may have about the protection of their personal information going forward, especially given that some of the data has previously been subject to a breach.'
Rhyl Journal
01-05-2025
- Business
- Rhyl Journal
UK user data must be protected during 23andMe bankruptcy, watchdog says
The Information Commissioner's Office (ICO) has joined with its Canadian counterpart, the Office of the Privacy Commissioner of Canada (OPC), to warn that they will take action against 23andMe if they believe user data is not protected properly during the case. The DNA testing kit firm filed for bankruptcy protection in the US in March, after struggling with heavy losses and facing the aftermath of a data hack, and as it searches for a buyer. Privacy experts have since raised concerns about what could happen to the vast amounts of genetic and other personal data the company holds if it is sold to a third-party, with many urging users to log in and request their data be deleted. Now the UK and Canadian data protection regulators have written to the US Trustee, which oversees bankruptcy cases, to highlight that any potential buyer of 23andMe must adhere to both UK and Canadian data protection law. Information Commissioner John Edwards said: '23andMe holds some of the most personal and highly sensitive information possible about its customers, including genetic data, health reports and self-reported health conditions. 'We have this week written to the US Trustee to call for the protection of this sensitive data during and after the company's bankruptcy. 'The UK public need to trust that the bankruptcy proceedings, and any potential sale of the company or its assets, will safeguard their personal data from unauthorised use or misuse. 'We are here to advocate on their behalf and we will not hesitate to take action against 23andMe or any potential purchaser should data protection legislation not be adhered to.' Philippe Dufresne, privacy commissioner of Canada, said: '23andMe holds the highly sensitive personal information, including DNA, of millions of customers. My office is closely following the sale of 23andMe to ensure that any personal information relating to individuals located in Canada is handled in compliance with our federal private-sector privacy law. 'This is of the utmost importance given the significant concerns that Canadians may have about the protection of their personal information going forward, especially given that some of the data has previously been subject to a breach.'
