The Canadian Imperial Bank of Commerce (CIBC) has said its mutual fund subsidiary – Talvest Mutual Funds – has lost a backup computer drive containing information on around 470,000 clients.
The drive – lost while in transit from the Montreal office of Talvest – may have contained vital client information.
This includes everything from personal data such as names, addresses, signatures, date of birth and social insurance numbers to financial information (bank account numbers and beneficiary information), according to a statement on the CIBC Web site.
The loss – and the massive potential security breach it may have caused – is being investigated by Canada’s privacy commissioner Jennifer Stoddart.
Stoddart said there are grounds for a probe to determine whether there was any contravention of the Personal Information Protection and Electronic Documents Act.
“My office is committed to carrying out a thorough investigation into this matter and to ensuring that preventive and corrective measures are put in place so that this does not reoccur,” Stoddart said in a statement.
CIBC, meanwhile, has said there is no evidence to suggest the lost backup file has been “inappropriately accessed”.
However, it said precautionary measures will be taken to protect clients including: notifying all affected clients by letter, compensating them for monetary loss arising directly from unauthorized access of personal information contained on the file, and providing affected clients the opportunity to enroll in a credit monitoring service at no cost.
Talvest is working with the police to investigate this incident and retrieve the backup file, the CIBC statement said.
“We are in the process of contacting affected Talvest clients by letter to advise them of this issue and to detail the steps we are taking to safeguard their information,” said Steve Geist, president of CIBC Asset Management.
He said the financial institution is “acting out of an abundance of caution” and wants to assure clients it is taking all steps possible to address this matter.
News of the CIBC fiasco came on the heels of the announcement of another major security breach at a global conglomorate.
Yesterday, The TJX Companies Inc. – the U.S. parent company of Canadian retailers Winners and HomeSense – announced there was an “unauthorized intrusion” into its computer systems that process and store data on customer transactions involving credit cards, debit cards, cheques and merchandise returns.
Financial information of millions of customers may have been compromised following this breach, which happened in December and exposed customer transactions that occurred during 2003 and from May to December of 2006. Read more