Canada student loan record breach affects 583k

Share this article:

A federal agency in Canada lost an unencrypted external hard drive containing the personal information of half a million student loan recipients.

How many victims? 583,000.

What type of personal information? Names, social insurance numbers, dates of birth, loan balances and contact information of borrowers from 2000 to 2006.

What happened? On Nov. 5, an employee of Human Resources and Skills Development Canada discovered the hard drive was missing from an office in Gatineau, Quebec.

What was the response? Two months after the discovery, an internal investigation began. The public was first notified of the incident last Friday. The Royal Canadian Mounted Police (RCMP) was called in to investigate what could be deemed as “one of the largest privacy lapses in Canadian history,” The Vancouver Sun reported.

The federal government will contact all affected individuals, and a toll-free number was set up Monday for those with questions. 

Details: The human resources agency discovered the breach while it was in the midst of another investigation – on the loss of a USB key containing the data of more than 5,000 Canadians.

Quote: “I have expressed my disappointment to departmental officials at this unacceptable and avoidable incident in handling Canadians' personal information,” Human Resources Minister Diane Finley said. “As a result, I have directed that departmental officials take a number of immediate actions to ensure that such an unnecessary situation does not happen again.”

Source:, The Vancouver Sun, “Federal government loses hard drive with information on more than half a million people,” Jan. 11, 2013.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters



More in The Data Breach Blog

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.

Marquette University notifies graduate applicants of possible breach

Settings for an internal file server were inadvertently modified, making graduate school applications accessible to anyone with Marquette University login credentials.

Physician's email account, accessed by unknown source, contained patient data

UC Davis Health System is notifying 1,326 patients that a physician's work email account was accessed by an unknown source and an email within that account contained their personal or medical information.