Security Incident | Page 2 | Wealth One Bank of Canada | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
Security Incident
July 23, 2021
5:00 pm
HIS285
Member
Members
Forum Posts: 35
Member Since:
November 29, 2014
sp_UserOfflineSmall Offline

WealthOne did call me back, which surprised me (see my first post).

The CSR that called assured me that W1 takes security very seriously and that personal information data is kept in encrypted databases. What happened, she said, is that the person whose mailbox was hacked was preparing a “regulatory” report (the CSR kept repeating the word “regulatory” as if it explained or excused anything) and that report contained my unencrypted personal info (and that of many others). I asked what the report was exactly but didn’t get an answer. I also didn’t get an answer as to why a copy of info that is normally kept encrypted was simply sitting in a mailbox unencrypted.

If I understood correctly what the CSR said, it appears that the fact that my date of birth (and other info) was in a mailbox is not considered sensitive enough to warrant further measures (or quicker intervention by W1). Apparently, since many people post their personal info online, including their date of birth, such info is not considered sensitive. (While my own understanding would be that a date of birth is one of the key elements of identity theft.)

The CSR offered to change my account number, which I accepted. She also offered me a one year subscription to TransUnion myTrueIdentity monitoring service. This appears to be a good deal as I would be alerted of key changes and includes “identify theft insurance” of up to $50,000” among other “features.” I haven’t yet checked to see if there would be a downside in using this service (such as making it much harder to move money around or open and close accounts) of if it’s truly useful.

August 23, 2021
1:08 am
RetirEd
Member
Members
Forum Posts: 143
Member Since:
November 18, 2017
sp_UserOfflineSmall Offline

Norman1: It looks like the key to the SIN reporting requirement is:

1. Lamaison noted that: You can still earn interest and file tax returns and other financial requirements if you DO NOT HAVE a SIN. Then they will match the names or call you to sort them out.

2. Norman1 added: If you DO HAVE a SIN, you LEGALLY MUST provide it to certain financial and other institutions.

Case 1 above lets people get down to business before their SIN comes through, or if they are not eligible to get one. Norman1's quote specifically explains this.
RetirEd

I have only a single GIC with Wealth One. Didn't get a letter about a security breach. Probably doesn't affect me. They have no E-mail or other on-line info about me anyway.

August 23, 2021
1:21 am
HermanH
Member
Members
Forum Posts: 187
Member Since:
April 14, 2021
sp_UserOnlineSmall Online

Called W1 last week and asked about removal of my SIN, but they said that they could not because I had a registered product (TFSA) with them.

No permission to create posts

Please write your comments in the forum.