Syncrude Canada Ltd.
On October 6, 2017, an employee of the Organization reported that that they had incorrect access permissions to an internal network directory, allowing the employee access to personal information of other employees. A comprehensive investigation followed and found that there were four (4) unique exposures allowing unauthorized access to various folders between March 2, 2017 and October 13, 2017. The Organization?s IT support services are provided by an external service provider. There is a procedure for granting access requests, however the procedure was not followed. The personal information was stored on secure servers in Alberta. The physical security of the server was not compromised.