Where could information stolen in the N.L. cyberattack go? A data privacy expert weighs in
The kind of data stolen could quickly lead to identity theft, says David Morgan
With confirmation from government officials that data was taken from Newfoundland and Labrador's regional health authorities in last month's cyberattack, a data privacy consultant provides some insight on where the data could go.
St. John's privacy consultant David Morgan told CBC News earlier this week that criminal organizations often use the dark web to look for "good data": data that can be used to apply for things like loans and credit cards.
"In some cases, there may be small pockets of data that are purchased by smaller outfits and that sort of thing. But it's typically an organized crime," he said.
Morgan said he is particularly worried for health authority employees; earlier this month, Health Minister John Haggie said all current and former employees of Eastern Health the last 14 years, Central Health in the last 13 years and Labrador-Grenfell Health in the last nine years should assume their data has been stolen.
"It's pretty clear now at this point that this is a pretty serious situation that we're facing in the province," said Morgan.
Haggie and Justice Minister John Hogan say their biggest concern for the stolen data is the potential for identity theft — as hackers or organized crime groups could use the stolen data to steal someone's identity.
"With this recent theft from the regional health authorities, they've got some very current, good data. Social insurance numbers and that sort of thing," he said.
"If you have a social insurance number, date of birth, that's a really good starting point. Somebody's name, middle name, if you throw in a mother's maiden name, that's some really good data on which to start a fake identity."
Morgan said people who fear their data has been stolen should take advantage of the services the provincial government is offering.
"I think they really need to take advantage of the offering of the credit monitoring that the RHAs and the government have put to them. It seems like a bit of a hassle … but take advantage of it," Morgan said.
He said people should also practise proper Internet safety, such as frequently changing passwords and watching out for suspicious calls and emails that could further target someone whose information was taken in the data breach.
With files from Anthony Germain