8:34 am
July 10, 2011
I've reproduced this letter as a warning to all PTC members.. PTC Website (Applications) database has been accessed and presumably copied. You should assume your application and information has been compromised.. Italicized-bolded text added for emphasis
October 25th, 2013
RE: Important Notice Regarding Your Personal Information
Dear First Name Last Name,
As is common with most Financial Institutions, and indeed most successful companies, Peoples Trust is constantly on guard against undesirable third parties gaining access to our systems and data, and is repeatedly required to repel unwanted incursions. Over the past 25 years we have successfully fended off all attempts to compromise our systems. However during the past week of October 7th, we became suspicious of a few events that might indicate a possible intrusion into a database on our website. This database was totally separate from our banking systems so no banking information, such as balances, account numbers, logins or passwords could be obtained. As a precautionary measure, we immediately removed all data from this area and enhanced identification procedures and daily processes in our Deposit Services area to monitor for unusual activity pending a full investigation. To date we have seen no suspicious activity.
We retained a forensic investigator to identify the nature of the problem, extent and source of a potential data compromise. On October 11, 2013, the forensic investigator confirmed that a database used to collect on-line application information on our website was compromised by unauthorized access originating in the Peoples Republic of China. None of our banking systems were infected.
The personal information that may have been accessed on this database includes customer name, address, telephone number, email address, date of birth and social insurance number. We can confirm with confidence that your financial information, account data and password information have not been compromised in any way. However this incident may still place some customers at risk for identity theft. We have informed the Police and Canada's Privacy Commissioner, as well as the two major Canadian Credit bureau service providers. To mitigate the risk, Peoples Trust has arranged for a flag to be placed on your credit file which will alert companies accessing your credit information that your data may have been compromised and that lenders should take additional steps to verify your identity before transacting further. The notation will stay on your credit file for a period of 6 years unless you choose to have it removed.
It is not possible to verify the extent of access - or the amount of customer data that could possibly have been compromised - and we are hopeful the impact will be minimal, given the responses we've received from our customers to data (which has been limited to the receipt of a text message requesting a call to an inactive number).
Nothing is more important to Peoples Trust than the security of our customers' personal information. In addition to the steps we have taken, we would like to recommend the following to protect yourself from risk of identity theft or fraud:
- If you receive emails or text messages in the days ahead purporting to be from Peoples Trust asking for account or any other information, please consider that email or text to be fraudulent, and contact us immediately at 1-855-286-8505. Peoples Trust does not solicit account information from customers by email or text.
- Never respond to any unsolicited requests for your banking or personal information.
- As a precautionary measure, we recommend you monitor your accounts for any unusual activity and report any irregularities to Peoples Trust immediately at 1-855-286-8505.
- You obtain a free copy of your credit file which may be done by calling the following services: Equifax Canada (1-800-465-7166) or TransUnion Canada (1-800-663-9980) and requesting a printed copy be delivered to you by mail. You may also obtain further information on removing the alert by visiting their websites: http://www.equifax.ca or http://www.transunion.ca
If you have any questions about this incident, how it may affect you and the steps Peoples Trust is taking to protect you and your personal information, please call our special information line at 1-855-286-8505. You can also contact Peoples Trust's Privacy Officer:
Darren Kozol, Privacy Officer
14th Floor, 888 Dunsmuir St
Vancouver, BC
V6C 3K4
PH: 604-331-2238
@: Privacy0@peoplestrust.com
Unfortunately, unauthorized privacy incursions are becoming more and more common all over the world. Peoples Trust will continue to take steps to safeguard your information with us. More information on personal information security and protecting yourself against identity theft is available from the Office of the Privacy Commissioner at http://www.priv.gc.ca. You should note that they provide a fact sheet on their website entitled "Identity Theft: What it is and what you can do about it" which may be of assistance to you in the present circumstances.
Peoples Trust deeply regrets that this occurred and is doing everything in our means to prevent an incident like this from happening again. Thank you for your understanding, and do not hesitate to call us if you have any questions or concerns.
Yours Sincerely,
Bill Moffatt
Chief Operations Officer
Peoples Trust Company
8:46 am
July 10, 2011
-Reserved-
I would reset all my passwords for everything.. Just to be on the safe side.. Being proactive is the best bet against further incursion.. Assuming information is in the wild.. I suggest enabling secondary authentication with your cell phone for as many online accounts as possible for a while.. Better to be safe than sorry when dealing with your security.. While this intrusion occurred over 3 weeks ago and theoretically the data would be in the wild and in use or it could be held for future sales assuming the database/data is 100% valid etc..
Yatti420
9:57 am
December 12, 2009
I'm not sure it warrants a "sticky" as "stickied" posts generally have a habit of remaining that way indefinitely, although I'm sure Peter's a lot more on top of that than some forum administrators and would "unsticky" it in 30-60 days.
What I'd recommend is posting this in the Peoples Trust forum as it doesn't get a lot of threads anyway, so presumably, would stay "on top" for the required time. You could post a reply every two weeks to once a month to continuously keep it "on top".
Cheers,
Doug
12:26 pm
July 10, 2011
9:43 pm
February 22, 2013
A few thoughts and comments about their letter:
I had a Talvest mutual fund that I disposed of in 1999. During 2000 I received a letter saying a backup tape had been lost and my data was possibly "in the wind" and that they would flag it with the Credit Bureaus for 6 years. Here we are 13 years later and I continue to have almost all applications stalled while I prove who I am and explain the Talvest flag. Good thing or bad thing?
The line that reads:
"You obtain a free copy of your credit file which may be done by calling the following services: Equifax Canada (1-800-465-7166) or TransUnion Canada (1-800-663-9980) and requesting a printed copy be delivered to you by mail."
is a real hoot. When/if one calls one is told how to fill out paperwork and submit all sorts of documentation to get the "free" report. It can be done -- and I have learned how -- but when they ask for a current utility bill, if that bill is more than about 60 days old, it isn't considered current and your application is shredded and a letter mailed to tell you to try again. Don't sign the form and documentation in all the right places and your application is shredded and a letter mailed to tell you to try again.
And this line:
"and we are hopeful the impact will be minimal, given the responses we've received from our customers to data (which has been limited to the receipt of a text message requesting a call to an inactive number)"
spells "date" as "data"; but then perhaps I am just being particularly picky.
GS
12:32 am
October 21, 2013
Thanks for posting this. I too am wondering why I didn't receive anything directly from PT.
As I read it, the main issue is not security of the account, and it's not necessary to change passwords, nor would it accomplish anything, although it's good to change them periodically anyway. The issue is the potential for identity theft, as they now have our SINs etc.
I sure hope it doesn't cause hassles down the road with the credit agencies.
9:26 am
October 27, 2013
You may get yours Monday... given Canada Post's variability in deliveries. There was a letter from PT in my mail that I picked up yesterday. I agree the biggest risk is identity theft but at least some of that risk should be taken care of with the 6 year flag with the credit agencies.
What is not covered is possible generation of fake documents not requiring credit checks such as birth certificates and drivers licenses that could be used for other nefarious reasons. It will pay to be diligent.
7:44 am
July 10, 2011
Deb said
Yatti420, did you receive this info in an email, or a letter? When?
I have an account with them and haven't received any such communication. And there's nothing on their website.
Maybe still to come?
This was in a letter via CP.. There are 2 accountholders here we may have been started with first.. As I opened up my account (I believe over a year ago) the database may have dated back quite a ways.. I've emailed for clarification..
@GS I will be clarifying the credit checks also..
@Gomi.. Yes It would be.. Good point.. Also if any passwords were used (I can't remember) definitely need to be changed.. I will be following up on this immediately when I hear a response..
6:29 pm
January 3, 2014
I received one of these letters advising of the flags on my credit files and didn't think too much about the possible negative effects until today. I phoned one of my credit card companies, wanting to change my address, and had to go through an extra series of questions that I would either pass or fail. Luckily, I passed. Then, I tried to become a pay after customer with a cellphone carrier and was denied credit due to the flag. That was both frustrating and embarrassing, because I have excellent credit and was not able to obtain my objective without my jumping through extra hoops that would cost me time and expense. I understand why this measure was taken, but in the same breath, I have been violated and cannot get my virginity back due to no fault of my own. The breach was due to the improper security measures of the institution. I have written Peoples Trust and advised it that the flags were implemented without my prior knowledge or authorization, and requested that it remove the flags as soon as possible, as I am suffering negative consequence as a result of its unauthorized actions. In my opinion, it is up to the institution to invest the time and expense to remove that flag.
6:03 pm
January 23, 2013
I'm one of these people affected and had flags set on my credit files. Today I got a strange letter from my credit card company - Fraud and Risk control department, requesting me to contact them to update my information. I wonder if it is related to this incident. I'll call tomorrow and will ask but I doubt they will tell you the reason.
I didn't think seriously about the flag but now that I have read kaytidyd's case and have this letter, I think it negatively affects our lives and I'm starting to be disappointed in PT. Why do we have to suffer for what PT didn't do right?
A few years ago, when a similar incident happened at an online shopping site, they gave free identity fraud insurance and it didn't affect my credit files. Can PT take a similar measure instead of making us suffer?
7:52 pm
October 27, 2013
Dennis said
I didn't think seriously about the flag but now that I have read kaytidyd's case and have this letter, I think it negatively affects our lives and I'm starting to be disappointed in PT. Why do we have to suffer for what PT didn't do right? A few years ago, when a similar incident happened at an online shopping site, they gave free identity fraud insurance and it didn't affect my credit files. Can PT take a similar measure instead of making us suffer?
PT may have done the thing they, and their lawyers, thought was best as a value proposition (optimization of positive effect vis-a-vis cost to them). What they have done is essentially requiring companies to take an additional step before granting credit in your name (to mitigate identity theft). We don't know how much identity theft insurance would have cost them, nor do we necessarily know the effectiveness of such policies.
As a dumb layperson, I can only speculate why we might get these letters but here goes: I suspect this will occur when our credit card companies are ready to issue renewals for expiring cards and/or when their algorithms suggest raising credit limits on existing cards. In either case, I assume they would want to do a credit check and when they do, they'll get a rebuttal/flag back from the credit agencies. If I was the card issuer, I would want to hear from my customer/client why that flag might be in place before: a) issuing a renewal, or b) raising credit limit.
9:07 pm
January 23, 2013
AltaRed said
If I was the card issuer, I would want to hear from my customer/client why that flag might be in place before: a) issuing a renewal, or b) raising credit limit.
It seems one of your guesses is right - the card needs to be renewed in a few months. And thanks for the explanation. I was a little emotional when I got the letter from the "Fraud and Risk control department". After reading yours, I realize it is just nothing and feel better.
7:42 pm
July 10, 2011
I just wanted to follow up because I haven't gotten replies to my emails.. My assumption in this case is the database was copied (in full) off the server.. 100%.. My issue is with the timelines.. My account was opened over a year ago.. If that database included my name (as I presume it did as I would get a letter).. My friend also opened an account just over 2-3 months ago.. Got the same letter..
Does this mean this database (regardless of financial content) held over 1 year (if not the entire online lifetime) of PTC client data?
5:13 am
January 3, 2013
My application for Amazon Visa was declined and the only reason I can think of is this red flag. Anyone had any similar experience? I emailed PT to get the flag removed from my account before re-applying for the credit card. Should I contact Equifax and Transunion myself and get the flag removed?