by Braden Dupuis
Many past student loan recipients are left waiting and wondering following the federal government’s announcement last week that the personal information of more than half a million student loan borrowers has gone missing.
“When I found out I was on the list, it was like my heart just kind of stopped for a minute,” said Arielle Zerr, one of 583,000 student loan recipients from the period of 2000 to 2006 who may have had their privacy breached.
“I’ve done so many things in my life to build up my credit, to take extra care of how my information is put out into the world, and then to have the government just go and throw it out the window, almost literally, it’s completely disheartening,” she said.
The information in question, including the names, dates of birth, Social Insurance Numbers, addresses and student loan balances of hundreds of thousands of Canadians, was stored on an unencrypted hard drive that went missing from a Human Resources and Skills Development Canada office in Gatineau, Que., in late 2012.
“There’s always things that are out of your control, but you expect the government to have safeguards in place to protect this from happening,” Zerr said.
“You’d think that even if the hard drive was never meant to leave the building, that there should be security measures in place, at least some sort of encryption to prevent this from happening.”
And Zerr is not alone in that assumption.
“I would absolutely assume that with anything government related that it would be mandatory with any sensitive data to have the hard drive encrypted,” said Mitch Rogers, a web security expert.
Encrypting something like an external hard drive is “not that difficult,” he said.
“Honestly, it’s just lack of attention. People just … don’t pay attention, they don’t want to go through the headache or they don’t understand the technology themselves. They consider a password lock to be protection enough and, yeah, when you’re talking about people’s data, it’s just not.”
While government representatives were not immediately available for comment, Human Resources Canada addressed the privacy concerns of Canadians in a Jan. 11 news release.
“I want all Canadians to know that I have expressed my disappointment to departmental officials at this unacceptable and avoidable incident in handling Canadians’ personal information,” Diane Finley, minister of human resources and skills development, said in the release.
For now, there are some immediate steps that Canadians can take if they think their information may have been compromised.
“With name, SIN, date of birth, that’s really all a thief would need to start applying for cell phones, credit cards, just about anything,” said Daniel Williams, a supervisor with the Canadian Anti-Fraud Centre.
“Once the thief has that much information, getting more info isn’t that difficult, so indeed all of these people affected should be notifying their banks, putting them on alert.”
Williams also recommends getting in contact with Canadian credit bureaus like Equifax and TransUnion.
“You can put alerts on your name with those two companies, and that will warn creditors that, yes, your info is out there, and if it’s misused, there’s a much higher probability that the suspects will be unsuccessful than if you don’t put (out) the alert,” Williams said.
Human Resources Canada is sending letters to inform people who may be affected, and a toll-free number has been set up at 1-866-885-1866 to handle all related inquiries.