Business

Canada's privacy commissioner opens probe into Equifax data breach

Canada's privacy commissioner has opened an investigation into the data breach at Equifax Inc. after receiving several complaints and dozens of calls from concerned Canadians.

Not clear that hacked data was limited to Canadians with U.S. dealings, privacy watchdog says

Credit monitoring company Equifax says a breach exposed social security numbers and other data from about 143 million Americans and an undisclosed number of people in Canada. (Mike Stewart/Associated Press)

Canada's privacy commissioner has opened an investigation into the massive data breach at Equifax Inc. after receiving several complaints and dozens of calls from concerned Canadians.

"The investigation is a priority for our office given the sensitivity of the personal information that Equifax holds," the Office of the Privacy Commissioner said Friday on its website.

The announcement of the probe comes after Equifax disclosed last week that a cybersecurity breach exposed the personal data of about 143 million Americans and an undisclosed number of Canadians.

"Equifax has committed to notifying all impacted Canadians in writing as soon as possible," the privacy watchdog said. The company will also offer free credit monitoring to affected individuals.

"At this point in time, it is not clear that the affected data was limited to Canadians with U.S. dealings," the commissioner said, 

The company is still working to determine the number of Canadians affected by the breach.

Equifax has said the breach of its system occurred between mid-May through July, and it learned of the hack on July 29. 

Earlier this week, Equifax put the blame for the breach on a web server vulnerability in its Apache Struts open-source software. However, the vulnerability could have been fixed back in early March when patches became available. 

Equifax said Friday that systems in the United Kingdom were not affected by the breach. However, there was a batch of fewer than 400,000 British consumers who had some of their personal information compromised, though the company said that information was unlikely to lead to identity theft. 

Equifax is offering identity protection services to those British consumers, similar to the program it's offering to Americans.

Late Friday afternoon, the company said two executives at the Atlanta-based company were leaving. Equifax said that Susan Mauldin, who had been the top security officer, and David Webb, the chief technology officer, are retiring from Equifax immediately. The company did not say what retirement packages the executives would receive.

With files from The Canadian Press, The Associated Press