City apologizes for privacy breach of WCB files

Registered letters are being sent to 3,716 victims of a privacy breach after WCB claim information was released due to "human error," saycity officials.

In a release issued late Wednesday afternoon, Donald von Hollen, acting chief security officer for the city's corporate security, said "numbers, names, incident dates, details regarding the nature of the injury or claim, a brief description of the incident, costs associated with the claim, employee ID numbersand business units" werereleased improperly on June 14 and 15.

"The information disclosure was a result of human error," read the release.

• MORE CALGARY NEWS|Crash sends vehicle into Bow River, critically injured driver rushed to hospital
• MORE CALGARY NEWS|SUV lands in Bow River, driver rushed to hospital

"The incident was detected early, a full investigation was conducted and we have made efforts to ensure the information was contained to prevent further distribution."

Claims involved are from 2012 to 2016 and von Hollen said no personal contact information like addresses, phone numbers, emails, social insurance numbers, personal health numbers, dates of birth or banking information werereleased.

University of Calgary professor and cybersecurity expertTomKeenansaid these victims shouldn't worryabout their personal information being used nefariously.

"It looks like they have it contained so that it's not in the hands of hackers who are going to try tomonetizeit," he said.

"On the other hand, it's health information, and nobody reallylikes to think that health related information is in the hands of anybody other that who it should be," he added.

"On a scale of one to 10, it's a four," he said, regarding how concerned people should be about this incident.

An investigation revealed the disclosure happened when a city employee sought technical assistance from a contact working at another municipality.

The recipient got the information at their work and personal email addresses. Von Hollen said officialsbelieve the breachwas not malicious in nature.

City officials said the information was not shared further and was deleted.

A review is now underway concerning data and security protocols at the city.