Thousands of Canadians have been hit by an email breach that exposed some of their personal information to hackers.

Manitoban Andy Erickson is one of those affected.

"(I) got an email from Best Buy Reward Zone telling me there was a security breach," said Erickson.

A day later, on Monday, he received a similar email from Air Miles. Both messages said that only information involving names and email addresses was compromised.

Both Air Miles and Best Buy Reward Zone are clients of Epsilon, a marketing firm in the U.S. that handles their loyalty programs. Epsilon, the company whose data was hacked, has assured its clients that account details, passwords and other personal information were not at risk.

More companies could be affected, however, since Epsilon works with more than 2,500 companies worldwide.

Brian Bowman, a privacy expert and lawyer, said Canadian companies currently aren't legally obligated to inform people if a security breach has occurred and personal information has been put at risk.

"I'm sure in many cases, organizations are sweeping it under the rug and they're not legally required to notify people, so they're not breaching any legislation," said Bowman.

Bowman said the plan to implement legislation has been bumped several times because of repeated elections.

"I appeared before the parliamentary committee to represent the Canadian Bar Association, it must be five, six, maybe seven years ago, and we're still waiting for those reforms to actually take hold," said Bowman.

That's going to be a concern to consumers like Andy Erickson, who said he won't take any more chances.

"(I'm) going to stop signing up for the emails and (will) probably get rid of the ones I have," said Erickson.

Privacy experts said people don't have to go that far, but advised consumers to be diligent with the information they give out. Experts advised people to never give out their PIN or other similar personal information via email. All companies said they won't ask for such information via email.

- with a report from CTV's Eleanor Coopsammy


TransUnion.ca offers tips for consumers to protect themselves. It advises continually monitoring your credit report to identify any suspicious or fraudulent activity. TransUnion.ca says other companies also suggest:

  • Don't give your User ID or password in e-mail.
  • Don't respond to emails that require you to enter personal information directly into the e-mail.
  • Don't respond to emails threatening to close your account if you do not take the immediate action of providing personal information.
  • Don't reply to emails asking you to send personal information.
  • Don't use your email address as a login ID or password.

TransUnion.ca links

Preventing Identity Theft: http://www.transunion.ca/ca/personal/fraudidentitytheft/preventing_en.page

Identifying Identity Theft: http://www.transunion.ca/ca/personal/fraudidentitytheft/identifying_en.page

Restoring your Good Name: http://www.transunion.ca/ca/personal/fraudidentitytheft/restoring_en.page