DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ca: Southwest Community Business Development Corp. claims there’s nothing they can do if someone steals a laptop with unencrypted information from an employee’s unattended vehicle. Srsly??????

Posted on April 23, 2014 by Dissent

CBC News reports:

A laptop with a database containing the personal financial information, names, birth dates, social insurance numbers, and addresses of 92 people has been stolen in Saint John, a CBC News investigation reveals.

The laptop, containing the information of an identity thief’s dreams, was left in a car overnight, unattended. The car’s window was smashed and the laptop was stolen.

The theft occurred late Jan. 17 or early on Jan. 18, according to Tyler Campbell, a communications officer with the Department of Post-Secondary Education, Training and Labour (PETL).

“The person who stole it would have had to get through the first screen, the lock screen, Microsoft password, and then figure out how to get into the database, which is also password protected,” says Campbell.

The department collects the relevant private information of New Brunswickers accessing the self employment benefit program through Southwest Community Business Development Corp. The laptop was in the possession of a CBDC Southwest employee.

Now steel yourself for the Bullshit Response of the Day:

“The laptop was not in plain view, it was put away, and someone decided that they were going to break into the vehicle and that is circumstances outside of our control. There’s absolutely nothing we can do in that particular circumstance,” said Heather Hubert, the CBDC Southwest executive director.

That statement needs to be shared and ridiculed worldwide.

Read more on CBC News.

Category: Business SectorGovernment SectorNon-U.S.SubcontractorTheft

Post navigation

← PA: Stolen debit card information in Bradford County (updated)
FBI warns healthcare sector vulnerable to cyber attacks →

8 thoughts on “Ca: Southwest Community Business Development Corp. claims there’s nothing they can do if someone steals a laptop with unencrypted information from an employee’s unattended vehicle. Srsly??????”

  1. Amazed Canuck says:
    April 24, 2014 at 2:12 am

    I blushed while reading this.
    *pretending it doesn’t exist*

    In their defense though, their privacy policy does state that they protect your personal info via “locked doors” (that is their “security”, seriously, check it out while it’s still up). What we have here is a very rude thief who did not respect the locked door rule.

    BRW or BRM (Bullshit Response of the Week/Month)?
    I think I like that. New section?

    So if this is a new section you plan on, I get to write the first headline!

    Rude thief smashes window and steals Canadians’ sensitive and personal information.
    CBDC Southwest executive director states they broke the locked door privacy rule; thus this is circumstances outside of their control.

    *pushes jaw back up*

    1. Dissent says:
      April 24, 2014 at 7:27 am

      So, my friend from the north: when are polite Canadians going to rise up and demand better security, transparency, and accountability for protection of their personal information? No custodian of PII or PHI should be able to use such ridiculously low security protocols or to say “It’s out of our control” when they never used encryption or other commercially available and reasonable security?

      1. Amazed Canuck says:
        April 24, 2014 at 1:20 pm

        Wish I had a magic reply to that question. It’s something I’ve asked as well.

        Awareness? A whole lot of lack of awareness?

        I know the first time a gov entity lost whole files on me (PHI) I knew nothing about what rights I have, or don’t have. I wasn’t really into privacy nor knew anything abut it. I did complain to the place though and was told it happens all the time and to live with it (this was a prov gov place). I never knew, or was told, how and where I could file a complaint. I was just more or less told I look foolish for even questioning the losses.

        In all honesty, I think it is lack of awareness, knowledge and education (on all sides). Final answer and best guess.

        There can never be a “rise up”, or people demanding more, without some basic knowledge. No?

        The way I see it, I think most entities view privacy (as a whole) as a money pit. It doesn’t generate revenue (for most). Maybe I’m wrong.

        1. Dissent says:
          April 24, 2014 at 1:59 pm

          Want me to move up there for a while? No, huh? 🙂

          1. Amazed Canuck says:
            April 24, 2014 at 2:42 pm

            HAH!
            You wouldn’t get past the border 😉

            But if you did, through some miracle (or perhaps a nightmare to some), I will dub thee official stirrer-upper and welcome you with open arms.

            I can see the Canadian defamation and SLAPP suits now… A glass of Caribou for liquid courage (for me) would be required.

          2. Dissent says:
            April 24, 2014 at 2:46 pm

            I *always* get past the border. Why do you think I post under a pseudonym? 🙂

  2. Amazed Canuck says:
    April 24, 2014 at 1:59 pm

    Wanted to add… Just to touch base on the knowledge and education part (and training is something I have seen you touch on a few times before in relation to the NullCrew hacks).

    Quote from their privacy policy:
    “the CBDCs have developed this Policy, implemented document security measures and trained our directors and staff about our policies and practices. This Policy recognizes and is in compliance with the following ten Privacy Principles set out in PIPEDA”

    I don’t think anyone was trained really.

    I don’t think they are even compliant with PIPEDA when I glance over their policy in relation to the nature and sensitivity of what they collect on people. PrivCom has some basic auditing checklists on their website. Maybe they should try it one day.

    They don’t even have a point of contact in relation to someone responsible for privacy within their organization, as they should per Canuck privacy reg’s. Just a general phone number. But they sure as heck state, “We may seek to be reimbursed for copying charges” if someone wants to see their info. Guess the most important part to them is there.

    A whole lot of lacking in their policy. How do you train someone to policy when the policy is lacking?

    Guess it’s out of their control.

  3. Ava Muniz says:
    May 11, 2014 at 12:07 am

    I guess the best thing to do is to advice all the staff that has laptops to encrypt their files, also not to leave their belongings inside the car when they’re out. It’s good to bring it with them or left it at home or in the office.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.