12:43 pm
November 29, 2014
Today (July 16) I received a letter from WealthOne dated July 12 saying that there had been an incident that could affect the security of my personal information, including my name, date of birth, email address, address and phone number. I haven’t seen anyone else discuss this recently (though I was told that this affected many clients).
The letter says that on around May 8, 2021 a third party gained access to the email account of a WealthOne employee. It continues “the investigation did reveal that some of your personal information was available in the compromised mailbox… Based on our investigation, the information available in the compromised mailbox includes your name, date of birth, email address and may also include… address, phone number… customer number…and bank account information (…bank account number and account balance).”
What is of greatest concern to me is the fact that all this information was apparently just sitting in a mailbox, including my date of birth. In all my years on the Internet, I have never sent my birthday to anyone by email (and I’m not on Facebook and any other such outfit and would never enter my real birthdate even if I was). How could my birthdate just be sitting in a mailbox at a bank?
The letter provides a number to call for questions about the incident. Though it’s not indicated in the letter, that number leads to Kroll Monitoring. I called the number and asked how could my birthdate be in a mailbox when I have never sent by birthdate by email to anyone ever, and certainly not to WealthOne. The person who answered did not know. In fact, she couldn’t answer any of my questions and said she would ask WealthOne to call me back directly.
WealthOne took two months to notify me of this issue and then does not provide any details on why or how could all this information be just sitting in a mailbox. They provide a number to an outfit that has no more information than the letter I received. It’s pretty pathetic. I’m not sure what I can do at this point except hope that a third party won’t be able to access any of my accounts at other banks with the information taken during this incident.
3:14 pm
November 21, 2015
I am member with W1B for four years. Everything is hackable. To keep inner peace, I wear the world like a loose garment. Peoples Trust, on their watch hack, offered free some years credit bureau monitoring. I am, to this day, receiving monthly reports. If, in the future W1B offers excellent rates, I'll deposit with them again, up the the coverage limit.
I called W1B and asked for my account number to be changed, which they did.
4:06 pm
November 29, 2014
julio said
Everything is hackable.
I'm sure that's true to an extent.
My main concern is that my personal information was in a mailbox. Why and how? And also: my name and email address in a mailbox? Sure, it's possible (though lousy for a bank) since I sent emails to WealthOne before. But my date of birth? Again: why and how?
5:19 pm
April 2, 2018
HIS285 said
julio said
Everything is hackable.I'm sure that's true to an extent.
My main concern is that my personal information was in a mailbox. Why and how? And also: my name and email address in a mailbox? Sure, it's possible (though lousy for a bank) since I sent emails to WealthOne before. But my date of birth? Again: why and how?
Maybe they did some kind of internal random audit and person was sending your info to higher ups as usually higher ups are way to lazy or ignorant to query databases.
4:42 pm
December 12, 2009
HIS285 said
Today (July 16) I received a letter from WealthOne dated July 12 saying that there had been an incident that could affect the security of my personal information, including my name, date of birth, email address, address and phone number. I haven’t seen anyone else discuss this recently (though I was told that this affected many clients).The letter says that on around May 8, 2021 a third party gained access to the email account of a WealthOne employee. It continues “the investigation did reveal that some of your personal information was available in the compromised mailbox… Based on our investigation, the information available in the compromised mailbox includes your name, date of birth, email address and may also include… address, phone number… customer number…and bank account information (…bank account number and account balance).”
What is of greatest concern to me is the fact that all this information was apparently just sitting in a mailbox, including my date of birth. In all my years on the Internet, I have never sent my birthday to anyone by email (and I’m not on Facebook and any other such outfit and would never enter my real birthdate even if I was). How could my birthdate just be sitting in a mailbox at a bank?
The letter provides a number to call for questions about the incident. Though it’s not indicated in the letter, that number leads to Kroll Monitoring. I called the number and asked how could my birthdate be in a mailbox when I have never sent by birthdate by email to anyone ever, and certainly not to WealthOne. The person who answered did not know. In fact, she couldn’t answer any of my questions and said she would ask WealthOne to call me back directly.
That's not possible, actually. If you have an account with WealthOne Bank of Canada, they have your birth date. It's theoretically possible they might not have asked for it at account opening, but it would've been on your credit bureau, so would've added at that point as to not have a birth date on file at a bank, credit union, or money services business would be a serious omission of FINTRAC data retention requirements. It's a legally required bit of information one must provide.
WealthOne took two months to notify me of this issue and then does not provide any details on why or how could all this information be just sitting in a mailbox. They provide a number to an outfit that has no more information than the letter I received. It’s pretty pathetic. I’m not sure what I can do at this point except hope that a third party won’t be able to access any of my accounts at other banks with the information taken during this incident.
This is anecdotal and there's little context here. I wouldn't worry about it, to be honest.
Cheers,
Doug
4:55 pm
November 29, 2014
Doug said
That's not possible, actually. If you have an account with WealthOne Bank of Canada, they have your birth date. It's theoretically possible they might not have asked for it at account opening, but it would've been on your credit bureau, so would've added at that point as to not have a birth date on file at a bank, credit union, or money services business would be a serious omission of FINTRAC data retention requirements. It's a legally required bit of information one must provide.
I thought my post was pretty clear if not perfectly well written. I know banks have my date of birth on file. However, I would never have imagined that my personal information, including my date of birth, would be sitting in a mailbox at a bank. That is the main issue, for obvious reasons.
2:15 pm
October 29, 2017
Yes, I too am curious why customer personal info is available in a mailbox. But I also accept that my personal info isn’t exactly secret information to begin with. However, I would expect that FI employees would not load a section of a database of customer info into an email! This isn’t just one or two customers so it’s definitely a database sitting in a mailbox.
2:26 pm
April 14, 2021
I also called W1 to check on the status of my information and was told that I was unaffected. I asked them to remove any unncessary information from my profile and I think that they removed my SIN, too. I was first told by Canadian Western Bank that my SIN was not mandatory. I was quite surprised to learn of this, since virtually every FI with which I deal seems to demand it.
I have been asking for the removal of all unnecessary information from each FI, whenever I happen to call. Some, like CTire, refuse to remove it and say it is necessary. I did not belabour the point, but I'll keep trying with the others.
If anyone would care to cite the exact wording of SIN non-requirement, that would be much appreciated. 🙂
3:51 pm
August 29, 2019
I found this quickly on an online legal page:
"You can open a bank account if you don't have a SIN. If you earn interest on money in your account, you will have to submit an income tax return to the Canada Revenue Agency (CRA). The banks will ask you if you have a SIN because they are obliged to report any interest you earn on money in your account to CRA. However, the banks do not need a SIN to report to CRA. The CRA can process your income tax return without a SIN".
9:07 pm
April 6, 2013
Lamaison said
I found this quickly on an online legal page:"You can open a bank account if you don't have a SIN. If you earn interest on money in your account, you will have to submit an income tax return to the Canada Revenue Agency (CRA). The banks will ask you if you have a SIN because they are obliged to report any interest you earn on money in your account to CRA. However, the banks do not need a SIN to report to CRA. The CRA can process your income tax return without a SIN".
That's not true.
According to CRA, if you have a SIN or other tax identification number, you have to provide it if the account generates interest. $100 penalty for each failure to do so:
Failure to provide an identification number
Individuals, trusts, corporations, or partnerships have to give their social insurance number (SIN), trust account number or business number (BN) on request to anyone who has to prepare an information slip for them. A person or partnership that does not do so is liable to a $100 penalty for each failure to comply with this requirement. This penalty does not apply if the person or partnership had applied for, but had not yet received, a SIN, a BN or program account number at the time the return was filed.
A person who does not have an identification number must apply for one within 15 days of the date of an information request. After receiving the identification number, the person has 15 days to provide it to the person who is preparing an information return.
12:01 pm
September 11, 2013
Easier, more efficient for CRA to match tax return (which includes SIN) interest, etc amounts reported with corresponding amount reported under same SIN to CRA by fi.
The letter from Wealth One had a special phone number to call re this incident, I ended up talking to a friendly USA-accent person (security outfit hired by the likes of Wealth One to handle calls re security breaches, it appeared) who really didn't know more than the letter said. I phoned Wealth One and was told there were two levels of risk and because my letter made no reference to my TransUnion credit file then I'm in the lower risk group so no real need to do anything except make sure I don't open any phishing emails posing as Wealth One and change my password more frequently, maybe once a month. I said ok.
Clarification: By higher vs lower risk I meant the amount of personal data that was compromised, some folks had more personal data in the hacked email box than others.
Please write your comments in the forum.