Security Incident | Page 2 | Wealth One Bank of Canada | Discussion forum

WealthOne did call me back, which surprised me (see my first post).

The CSR that called assured me that W1 takes security very seriously and that personal information data is kept in encrypted databases. What happened, she said, is that the person whose mailbox was hacked was preparing a “regulatory” report (the CSR kept repeating the word “regulatory” as if it explained or excused anything) and that report contained my unencrypted personal info (and that of many others). I asked what the report was exactly but didn’t get an answer. I also didn’t get an answer as to why a copy of info that is normally kept encrypted was simply sitting in a mailbox unencrypted.

If I understood correctly what the CSR said, it appears that the fact that my date of birth (and other info) was in a mailbox is not considered sensitive enough to warrant further measures (or quicker intervention by W1). Apparently, since many people post their personal info online, including their date of birth, such info is not considered sensitive. (While my own understanding would be that a date of birth is one of the key elements of identity theft.)

The CSR offered to change my account number, which I accepted. She also offered me a one year subscription to TransUnion myTrueIdentity monitoring service. This appears to be a good deal as I would be alerted of key changes and includes “identify theft insurance” of up to $50,000” among other “features.” I haven’t yet checked to see if there would be a downside in using this service (such as making it much harder to move money around or open and close accounts) of if it’s truly useful.