A data breach might have exposed the personal information belonging to approximately one million users of the Canoe.ca portal. On 2 September, the news and entertainment gateway learned of a security incident that involved some of its databases containing records it collected between 1996 and 2008. The company, operated by MediaQMI Inc. and owned by Sun Media Corp. prior to 2015, launched an investigation into the breach and determined that the event didn't affect users' financial information such as their credit card information. Its analysis also found that the compromised data did not include consumers' social insurance numbers. Even so, Canoe.ca identified other bits of information that the breach might have exposed. As quoted in a statement provided to DataBreaches.net:
"The breached data did however contain personal information pertaining to about one million Anglophone and Francophone users of the Canoe sites from that period, such as names, email addresses, mailing addresses and telephone numbers. The information was provided by users for contests, forums, comments pages or the hosting of personal pages. No data collected after 2008 has been compromised."
At this time, the portal is working to notify all affected users of the incident and remediate the breach with the help of data security experts. It's also informed the Royal Canadian Mounted Police (RCMP), the Office of the Privacy Commissioner, and other regional privacy commissioners about what happened.
Canoe.ca has not provided any information about how the attackers might have gained access to its databases. With that in mind, it's always important that organizations take the time to make sure their databases and other systems are securely configured and up-to-date with all available security patches. Tripwire's Configuration Compliance Manager can help in this regard. Learn more here. News of this breach follows nearly a week after Equifax, one of the largest credit reporting firms in the nation, announced a recent “cybersecurity incident” that may have compromised the information of 143 million U.S. consumers including their Social Security Numbers.
