Names, addresses, driver’s license numbers… Tool rental company LOU-TEC refuses to say how many of its customers were victims of a cybersecurity incident last March, the file of which is in the hands of the police.
• Also read: Tennis Canada: Auger-Aliassime and Fernandez victims of a data leak
“Our investigation revealed that an unauthorized third party may have accessed a file server. Extensive analysis of the server identified some scattered files containing personal information of specific individuals,” Marie-Annick Geffroy, spokeswoman for LOU-TEC, told the journal.
“Once the investigation allowed us to better understand the incident, confirm which accounts may have been consulted and identify the information contained therein, we notified the individuals concerned as soon as possible. and the applicable rules,” she continued.
According to cybersecurity expert Steve Waterhouse, driver’s license is a key document for scammers.
“There’s biometrics in there. There is physical appearance, address, height, eye color, gender, date of birth. There are additional details for people with bad intentions. There’s even a sample of our handwritten signature,” he notes.
“The fraudster can commit his offense more easily. He can even find someone who physically looks like a human to better cheat on him. “It’s standard police practice,” he adds.
Refusal to say how many are affected
At the Information Access Commission (CAI), we confirm that we received a confidentiality incident report from LOU-TEC on April 13th.
In the Journal, LOU-TEC apologetically assured that there was “no indication that this information was being used for harmful purposes and that no information related to the incident was publicly disclosed.”
In response to a question from Le Journal in recent days, LOU-TEC refused to say how many customers were affected by the March 3 incident.
Two years ago, Power Corporation subsidiary Sagard, along with financial partners such as Investissement Québec, attacked Quebec firm LOU-TEC.
A confidentiality incident also affected clients of Mackenzie Investments, a subsidiary of Power Corporation-owned asset management firm IGM Financial, last May.
Between September 22, 2022 and March 31, 2023, more than 218 confidentiality incidents were reported to the Commission d’accès à l’information (CAI).
In 38% of cases, access to personal data was not permitted by law.
Can you share information about this story with us?
Write to us or call us directly at 1-800-63SCOOP.