Tag Archives: security

Hacked Lifelabs Failed To Protect Customers’ Data

Toronto’s Lifelabs, Canada’s largest laboratory testing company. has failed to protect customers’ data from hackers last year. Their data’s breach was the largest in Canadian history due to sheer number of data revealed.

The Information and Privacy Commissioner (OIPC) of Ontario, has ordered Lifelabs to better protect their data from now on, as well as has better procedures to inform customers whose information was stolen.

Over 15 million names, addresses, emails, customer logins and passwords, health card numbers and lab tests were downloaded by hackers last year from Lifelabs servers.

https://twitter.com/zaxbux/status/1276544505869549569

The commission said that even though “reasonable steps” were taken to oversee the hackers’ investigation – the Lifelabs did not do enough to protect the data in the first place.

Lifelabs said that it “has committed to being open and transparent” about the investigation.

Michael McEvoy, information and privacy commissioner of British Columbia, said it was disappointing that no laws exists where it would be possible for him to charge the company for being so careless with the data.

“LifeLabs’ failure to properly protect the personal health information of British Columbians and Canadians is unacceptable.

LifeLabs exposed British Columbians, along with millions of other Canadians, to potential identity theft, financial loss and reputational harm.

This is the very kind of case where my office would have considered levying penalties.”

avatar

Michael McEvoy

information and privacy commissioner of British Columbia

Security Firm OneSpan Opens R&D in Montreal

Security firm from Chicago is opening a center in Montreal to do their R&D. They will be investing $9m to operate the center there.

This is on top of their existing office there where they employ 150 employees. This new addition should add another 100 hires.

Company claims to have over 10,000 clients and employs over 600 employees worldwide.

Data breaches, identity theft, and financial fraud have become all too common features of our modern digital life. OneSpan is dedicated to protecting people from financial fraud and stopping billions of dollars in losses for consumers, banks, and businesses.

Our new Montréal R&D centre and the city’s world class technical talent will play a prominent role in ensuring OneSpan remains at the forefront in preventing fraud in the global financial services industry.

avatar

Scott Clements

Chief Executive Officer, President, and Director at OneSpan

This is a big win for Quebec government who had their share of controversy in the last few months. This shows that current Quebec government can attract foreign investment into the province.

Eric Girard, Quebec’s Minister of Finance, said that “It is essential to develop high-level expertise in personal data and information protection in Québec. Cybersecurity and data protection remain a priority of our government.”

Montreal is well known in the world for its amazing game development contribution with companies like Ubisoft and Eidos. Now they can add two more to their list: artificial intelligence and cyber security.

It is impressive to see that Montreal IT work-force has increased from 100,000 to 150,000 in less than a decade.

Tesla Model 3 Hacked in Canada

Two hackers in Vancouver had won a Tesla after they have found loophole in Telsa’s web browser that let them bypass security.

This happened at a Pwn2Own hacking contest in Vancouver where so called white hackers and security experts gather to try to exploit various computer systems . Pwn2Own has been going on for over 10 years.

This year was a special year as this is the first time a big company like Tesla agreed to lend them a car to be exploited and hacked .

Two security experts, Richard Zhu and Amat Cam, were able to penetrate Tesla’s web browser and show a custom message.

Tesla gave the duo the same car they hacked as a gift. They also mentioned that they will be fixing the bug asap.

“In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Tesla’s been involved with hacking community for many years and have been giving away bounties of up to $15,000 US. Nice way to keep the car safe.

Air Canada Hacked

Air Canada said that over 20,000 profiles saved into their mobile app have been compromised and info such as customer’s Aeroplan number, passport number, Nexus number, known traveller number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence could have been accessed.

After discovering the breach Air Canada has shut down the app, and is forcing all 1.7 million app users to change their passwords immediately.

Free-Photos / Pixabay

Chester Wisniewski, cyber security specialist, said in an interview with CBC:

“You never want someone to know your name, your birthday and your passport.

I suspect hackers stumbled across a bug in the API.

I don’t think they were targeting Air Canada or they were intent on stealing specific info, there’s a lot of hackers who are just scrolling the internet looking for doors that are ajar. If they find a door that’s open they start monkeying around.”

Some users complained not being able to login, but some others, like this Canadian satire site cracked jokes.

Air Canada said that they have not detected improper use of stolen passwords. Yet.

Gabor Lukacs, Canadian air passenger rights advocate, mentioned that he would recommend people affected to complain to the Office of the Privacy Commissioner, Canada’s watchdog that  provides advice and information for individuals about protecting personal information.

Lukacs said:

“When a corporation collects your data, they have a responsibility to keep it safe. When they fail, it is a matter for the Office of the Privacy Commissioner to investigate.

People may also wish to start a class action against Air Canada in this situation.”

Cyber security is becoming a big issue in Canada, where a recent report from Deloitte mentioned that many cyber security jobs in Canada go unfilled due to lack of experienced professionals.

West Vancouver Servers Hacked

District of West Vancouver, westvancouver.ca, recently discovered that they have malware installed on their servers potentially accessing thousands of users data over the last few years. It is possible that over 4,870 people data have been compromised.

While noone knows for sure if data compromised was used or will be used for illegal purposes, West Vancouver issues press release saying that “the possibility of compromise cannot be definitively ruled out.”

Basically if you have used website to send personal information to the city between 2013 and 2018 your data was potentially compromised. To stop the breach from spreading even more, the officials have shut down the website, and wiped all the personal data from the website, and promised to increase their web security.

West Vancouver promised in the press release:

“Examples of the personal information contained in these forms may include addresses, phone numbers, email addresses, and IP addresses.

Once we are assured that additional security measures put in place are effective, the forms will be enabled again on a limited basis. In the future, data will be removed from the web server on a regular basis.”

Robfoto / Pixabay

City advises you to “exercise caution if approached by an unknown individuals” in regards to your data as hackers might target residents for scams or identity theft.

Cyber security expert George Pajari, in interview to North Shore news, said:

“It was obvious the district was completely unprepared. It was a disaster waiting to happen. They hadn’t taken what I would consider the absolute basic steps to protect the information they were holding.

Not only had they not subscribed to receive notification of the patches from the vendor, they hadn’t updated their software for months and months so they got knocked off.”

Cyber security is becoming a big issue in Canada, where a recent report from Deloitte mentioned that many cyber security jobs in Canada go unfilled due to lack of experienced professionals. If you are looking for a new career, maybe consider going into cyber security – a huge boom in this profession is expected over the next 5-10 years in Canada and across the world.

Canadian 2018 Fed Budget: Tech + R&D

Another year went by and another budget was passed. The good news the deficit will be reduced to about $12b by 2023 and liberals have backtracked on a lot of controversial changes they wanted to pass just few months ago.

Parental Leave

So let’s start with not so techie but important for a lot of startups and entrepreneurs out there – parental leave. Government has passed $1b+ to create a 5 weeks program for fathers to be able to take parental leave with a maximum of 40 weeks (up from 35) for both parents and cap it at 55% of 2nd parent income for as much as 12 months as long father takes the 5 weeks. Lose it or use it – they call it.

Small Businesses Tax Changes

The government has decided to push through with their passive income changes. Basically meaning that if you earn passive income in your business – you will not be able to take advantage of low small income corporate tax rate of 9% but would need to pay full 15% corporate tax rate used for big corporations.

Hold on a second, I am a bit slow – what is a passive income you ask? Basically if you earn income as part of your active business activities it is not considered passive income. So if you sell $10m of widgets and earned $1m – it is NOT a passive income but just income. If now you have decided to reinvest that $1m of income to buy say shares of Amazon and Facebook, and made 5% over a calendar year it would be considered an income earned from investments—stocks, ETFs, bonds, etc., as many smart business owners use for long term savings—then it is passive income.

So back to passive income. Government has decided to be “nice” and will allow you to use small corporate rate when applied to first $50k of passive income. However, from $50k to $150k, you will now need to pay more than small corporate rate, and maximizing it at 15% full corporate rate at $150k of passive income or more.  You will not be affected if you are making less than $50k passive income.

If you reinvested your $1m to buy stocks and those stocks increased by say 20% at $200k in passive income – you will be required to pay the same tax rate as the big boys. So basically government wants all of your money.

Innovation Boost to Science

Government has decided to commit almost $4b over next 5 years to give boost to science specifically physical and life sciences, social sciences and health research. The scientists will receive about half a billion dollars more to do their research through university and government funding.

Females Lead the Way / Big Data

The feds have decided to be nice to female business owners as well committing almost $100m to help them grow their businesses as well as almost $600m to provide advanced computing and big data resources. Canada is a world leader in that.

Cybersecurity Project

Government has decided to allocate over $500m to cybersecurity threats. It will be used to develop a central body to oversee cyber security. Cyber attacks have cost Canadian businesses billions of dollars and government is trying to reprimand that. Even the government itself and several universities were a target of Russian and Chinese hackers and ransomware over the last few years.

Newspapers / News Websites / Blogs

Canadian government has decided to help out underfunded and declining newspaper industry by providing them with a non profit status. as well as $50m subsidy to support local journalism. So now if you run a newspaper or a blog , you will potentially be able to register as a non profit.

Did we miss anything? Let us know.

 

Canada To Introduce Border App – No More Waiting in Line

Federal government has created a new app that will help you cross the border much easier and faster. You would need to download and register first.

It is called Known Traveller Digital Identity app, and will first be launched only when you travel between Canada and Netherlands. If all goes according to plan, it will be rolled our to many other countries by 2020.

JESHOOTS / Pixabay

The app will work similar to existing programs like Nexus, program that allows pre-screened travelers expedited processing when entering the United States and Canada. Basically you will need to register your details such as your passport #, vaccinations taken and records, bank statements, schools you went to, etc. This will allow agents to know who you are even before your flight leaves its gate.

This app will also use your retina and facial recognition to verify that you are exactly who you claim to be.

Accenture, technology company, behind developing this app says that all the information will be very secure.

“No personal information is stored on the ledger itself, ensuring that personal information is not consolidated in one system, which would make it a high value target for subversion,” the company said in a statement to CBC News.

geralt / Pixabay

The app will learn from your travel patterns, and the more countries, and times you cross the border, the more trusted persona, you would become.

Ontario is going to use drones to monitor the highways, and now the government will use your cell phone records to decide if they want to let you in.

“Big Brother is Watching You.” ― George Orwell, 1984