The number of privacy breaches affecting Albertans is on the rise, the provincial privacy commissioner found based on cases handled last year.
In 2017, the Office of the Information and Privacy Commissioner (OIPC) issued decisions on 162 breaches “where there was a real risk of significant harm to affected individuals.” That number is more than twice the decisions made from any previous year.
Many of the privacy breach cases were related to unauthorized access of personal information via hacking, malware, or email phishing, the privacy regulator found.
However, there were also many cases of companies and/or employees unintentionally sharing personal information with unauthorized parties.
OPIC director of compliance and special investigations Rachel Hayward told
CBC that human error remains a major factor behind some privacy breaches.
Cyber-attacks have grown more sophisticated, Hayward explained, and have even gone beyond dubious emails asking for money transfers. Cyber attackers have turned to advanced tactics such as email phishing to steal information from a user’s address book, or ransomware to hold a user’s computer hostage until the victims can pay.
“All you have to do is accidentally click on a link and the attacker has access to your computer,” Hayward said.
OPIC said that its biggest single breach decision last year was related to malware present on Walmart’s website, which potentially exposed the information of as many as 109,000 Albertans.
Related stories:
Nissan Canada Finance issues data breach warning
Amazon and Google assistants are “too juicy a target,” security experts say