The Star is reporting that some Toronto clients of Scotiabank are concerned about possible exposure of their personal information after three CD-ROMs listing clients’ names, SIN numbers, registered account type and account numbers have gone missing. The CD-ROMs were mislaid last Wednesday and the bank believes that they have been lost internally. However, the bank is warning clients just in case, so that they can monitor their accounts and make sure there was no fraudulent activity.
The discs were to be sent to the Canada Revenue Agency as part of the bank’s requirements to provide such information. The parcel containing the three CDs went missing while in internal mail between two Scotiabank departments. The number of people affected remains unclear. Scotiabank would only say a “small percentage” of clients had their confidential information on the CD-ROMs. In an email to the Star, Scotiabank confirmed the CD-ROMs were missing, calling the incident an “extremely rare occurrence.” Based on thier investigation, they have no reason to believe that this incident puts customers at risk.
Scotiabank has strict processes and procedures in place to protect customer privacy and confidentiality. I could find no information regarding whether or not the data was encrypted, so I must assume they were not. I hope the CDs are found quickly, and there is no data exposure.