New SINs ‘will not protect individuals from fraud,’ said government official
· CBC News
The one million Canadians who saw their social insurance numbers stolen in the massive Capital One data hack shouldn’t count on Ottawa to help bail them out of trouble with identity thieves.
In 2018, the federal government issued replacement SINs in just 60 cases of fraud and abuse, according to recent testimony before a House of Commons committee.
Elise Boisjoly, an assistant deputy minister with Employment and Social Development Canada, told the Commons standing committee on public safety and national security that her department handed out more than 1.6 million new social insurance numbers last year — but issued only a few dozen replacement numbers because “getting a new social insurance number will not protect individuals from fraud.”
“The former social insurance number continues to exist and is linked to the individual. If a fraudster uses someone else’s former social insurance number and their identity is not fully verified, credit lenders may still ask the victim of fraud to pay the debts,” Boisjoly said during a mid-July hearing on a data breach at the Quebec-based credit union Desjardins, which exposed the personal data of 2.7 million customers, including SINs.
Social insurance numbers are prized by criminals because they can be used to apply for credit under someone else’s name or establish new “synthesized” identities. They also can be sold to create false documentation for illegal workers.
While Boisjoly acknowledged the challenge posed by “ever larger data breaches,” she said issuing replacement numbers to victims might create more problems than it solves, leading to potential errors in the calculation of pensions and benefits and requiring recipients to monitor both the old and new SINs on a “regular and ongoing basis.”
Earlier this week, U.S.-based Capital One Financial Corp. disclosed that a March breach of its cloud storage server exposed the sensitive information of 100 million Americans and six million Canadians — including names, addresses, credit scores and, in some cases, social insurance numbers.
The information was taken from card holder accounts and credit applications dating back as far as 2005. A 33-year-old Seattle software engineer has been charged with computer fraud and abuse after she allegedly boasted of the heist on social media, indicating that she wanted to share the SINs, full names and dates of birth.
It’s just the latest example of a large-scale hack targeting the personal information of consumers.