P2021-ND-052

The Organization operates a portal that enables businesses to access consumer credit files for the purposes of assisting them in adjudicating credit applications. On August 19, 2019, the Organization determined that the user credentials for one of its corporate customers had been compromised. The corporate customer confirmed to the Organization that its credentials were used without authorization to access consumer credit files. As a result, an unidentified intruder was able to provide sufficiently detailed and up-to-date personal information on a significant number of individuals (including accurate Social Insurance Numbers) in order to access their files. The Organization believes the intruder had access to up-to-date personal information obtained from an unknown third-party source. The unauthorized accesses occurred between June 28, 2019 and July 11, 2019.

File Type: pdf
File Size: 191 KB
Categories: 2021