On May 16, CBC/Radio-Canada released a statement saying that some 20,008 people could be potentially affected by a breach after it found that one of its offices had witnessed a break-in; computer equipment containing confidential information had been stolen from the room. RCMP and local law enforcement were notified of the break-in, security footage of the crime was turned over, and an arrest warrant was issued at the time.
The date of the break-in incident has not been disclosed.
Now new internal documents reveal that the incident could affect 23,675 employees, former employees, contractors and others.
The internal emails also note that CBC/Radio-Canada officials were already dealing with the breach by May 07. It was also found that, as early as May 07, letters to employees warning of the breach were sent ahead of the mass email on May 16.
A spokesperson for the corporation said that the corporation “acted as quickly as possible.”
Another confidential information sheet created by officials of the company published sometime before May 07 suggested that the announcement of the attack be delayed so that CBC/Radio-Canada would not tip off to the thief “that they may have something of greater value than they realize.”
CBC/Radio-Canada has since taken steps to inform everyone who could have been affected by the breach.
“We also decided to send letters to incorporated outside contractors whose business information was potentially impacted and in the same spirit of transparency,” CBC/Radio-Canada spokesperson Douglas Chow said.
The missing equipment has not been located and returned, and CBC/Radio-Canada has yet to disclose the location of the office. RCMP, however, has confirmed that the break-in is being investigated by Ottawa police.
