Equifax says 100,000 Canadians impacted by cybersecurity breach

EquifaxCanada said amassive cybersecurity breach at the company may have exposed the personal information of about 100,000 Canadian consumers.

Equifaxis a consumer information company that provides, among other services, credit information and credit ratings on individuals.

The companydisclosed on Sept. 7 that thecybersecuritybreach exposed the personal data of about 143 million Americans but, at that time, did not reveal the number of Canadians involved.

EquifaxCanada said the information includes names, addresses, social insurance numbers (SIN) and, in limited cases, credit card numbers.

"We apologize to Canadian consumers who have been impacted by this incident," said Lisa Nelson, president and general manager ofEquifax Canada.

"We understand it has also been frustrating that Equifax Canada has been unable to provide clarity on who was impacted until the investigation is complete. Our focus now is on providing impacted consumers with the support they need," Nelson said in a release.

• U.S. opens criminal probe of Equifax executives' stock sales before breach disclosed: report
• Equifax data breach being investigated by Canada's privacy commissioner

Canada's privacy commissioner said Friday it had opened an investigation into the data breach after receiving several complaints and dozens of calls from concerned Canadians.

Equifaxsaidithas been working with the Office of the Privacy Commissioner of Canada (OPC) and will be sending notices via mail directly to all impacted consumers outlining the steps they should take.

"For impacted Canadians we will also be providing complimentary credit monitoring and identity theft protection for 12 months," the firm said.

The company is also telling Canadian consumers to be vigilant in reviewing their account statements and credit reports. Equifaxsaid consumers should immediately report any unauthorized activity to their financial institutions, and it recommends that they monitor their personal information.

Equifaxhas said the breach of its system occurred between mid-May through July, and it learned of the hack on July 29.

Last week, Equifaxput the blame for the breach on a web server vulnerability in its Apache Struts open-source software. However, the vulnerability could have been fixed back in early March when patches became available.

In Canada, at least two proposed class actions have been filed against the companyin the wake of the disclosure of the massive security breach, with many more filed in the United States.

Equifaxshares rose 49 cents US on Tuesday, closing at $94.87 US on the NYSE.