Telecommunications company Shaw has notified several of its customers that it suffered a potential data breach back in June, which may have compromised some consumer information.
News of the breach comes after the Office of the Privacy Commissioner of Canada (OPC) revealed that over the past year about 28 million Canadians had been affected by a data breach incident.
According to the letter Shaw sent its customers, a laptop belonging to an employee was stolen on June 22. The theft was reported to the police, but the laptop contained documents with a “a limited amount of customer information — including customer names, account numbers, a list of services they subscribe to with Shaw and whether the accounts are active or closed.”
Shaw did not disclose how many current or former customers were affected.
The telecom company said that the documents did not include any financial information, such as credit card numbers of personal identifiers like birthdates. Shaw also offered assurances that there is no evidence that any of the exposed information had been misused.
Following the reveal of the breach, Shaw recommended to its customers that they change their password and set up two-step verification on their account.
“Since the incident, we have implemented additional measures to secure our corporate devices… We care about the privacy and security of your personal information and protecting it remains our top priority,” the company said in its letter.
Shaw told CBC News in a statement that the letter was only sent to a “very small” number of affected customers, the incident was immediately reported to the authorities, and that an internal investigation took several months to reach a conclusion over the matter.
The company insisted that a “small number of customers” were affected by the breach when pressed, and that it took six months before it could disclose the incident to customers because its internal investigation process was complex.
Under federal law, businesses must report any security breaches that involve personal information to the OPC. Shaw confirmed that it had filed a preliminary notification to the OPC in August, and an OPC spokesperson verified with CBC News that it is in contact with the telecom company.
