Some Shaw customers received letters in the mail this week saying some of their customer information was breached six months ago, Postmedia has learned.
The breach happened on June 22, 2019, when a Shaw employee had their corporate laptop stolen. In a letter to affected customers, Shaw stated the laptop contained “a limited amount of customer information — including customer names, account numbers, a list of services they subscribe to with Shaw, and whether their accounts were active or closed.”
The letter said the risk was believed to be “very low” and recommended users change passwords and enable two-step verification on their accounts.
In a statement to Postmedia Friday, Shaw said the laptop contained no financial information.
“These documents did not include any customer financial information or personal identifiers. Over the past week, we’ve informed our customers of the incident and asked them to take precautionary measures to ensure their account information remains secure,” they added.
Shaw says their investigation into the matter was complex and took several months to conclude.
“Following our detailed investigation, we have no evidence of misuse of any information contained in the documents on the laptop, and believe the risk to our customers is very low,” they stated, adding they continue to work with local authorities to locate the stolen laptop.
The breach comes after Shaw-owned Freedom Mobile suffered a data breach affecting 15,000 customers in late March. Freedom said at the time a “very limited amount” of customer data was exposed as a result of a misconfigured server.
When asked why it took six months for customers to be informed, nor how many customers were affected, Shaw did not respond.
The Office of the Information and Privacy Commissioner of Alberta said in a statement there was no record of a breach reported by Shaw Communications to them since June but that since Shaw is a federally regulated entity, they may have been required to report the breach to the federal privacy commissioner.