CurzTech News Network
CurzTech News Network | CurzTech World News | CurzTech U.S. News | CurzTech Entertainment News | CurzTech Political News | CurzTech Conspiracy News | Yesterday's News | Offsite Archive
Regina — Canada's largest privacy breach yet, affecting more than a million people, began as a petty crime by a Saskatchewan tech-company employee who wanted an extra 30 gigabytes of personal hard-drive space, police say.
As they announced an arrest in the sensational case yesterday, Regina Police offered a prosaic explanation for the missing data: A 41-year-old employee of a company that handles sensitive information took the drive, deleted the information on it and filled it with his own data.
"We are satisfied at this point that that information has not been used unlawfully," Detective-Inspector Garry Hoedel said.
But police acknowledged they cannot be sure what happened to the personal, financial and medical records from the Saskatchewan government and major Canadian financial institutions that were stored on the drive.
"We can determine if somebody accessed the drive, but to confirm if something was copied from the drive? No," said Detective-Sergeant Gerry Novak of the Regina Integrated Technological Crime Unit.
"It's very worrisome," said Tony Merchant, a lawyer who launched a lawsuit on behalf of people whose data were lost.
The drive was reported missing on Jan. 16 from the offices of ISM Canada, a subsidiary of International Business Machines Corp. Police found it on Monday evening.
The three-week gap raises troubling questions, Mr. Merchant said, particularly because anyone with enough technical savvy to install a hard drive would know that the hardware alone — a 30-gigabyte Western Digital Caviar 307AA — is not particulary valuable.
"Why would somebody steal something worth only about $100?"
The lawsuit will proceed, he said, adding that he plans to apply to the Saskatchewan Court of Queen's Bench within a week to certify it as a class action.
The government of Saskatchewan — which had driver-licence and health-card information on the drive, among other data — is considering its legal options, said Minister of Information Technology Andrew Thomson.
The government will continue to use ISM Canada to manage some important data, Mr. Thomson said, but a security review is under way: There are some significant issues that need to be addressed.
Companies that have been flooded with calls from anxious customers chose a more optimistic interpretation after news of the arrest.
"We're pleased," said Anne Mowat, a spokeswoman for ISM Canada.
"We're very pleased," said Ron Arnst of Investors Group, which had account information of about two-thirds of its one million clients on the disk.
"We are very relieved for our clients' sake," said Dominique O'Rourke of Co-operators Life Insurance Co. The insurer had sent 174,000 letters to life-insurance holders and pension-plan members warning them their data were at risk.
Five Regina Police and RCMP officers are assigned to the case. They would not say where they found the drive, except that it was a "secure area," such as a house.
Police said they chose not to consider the value of the information when charging the ISM Canada employee, who faces one count of theft under $5,000. He is to appear in court on Feb. 27.
Only fragments of the original files can be recovered from the drive because they were overwritten with new information.
The employee has not been named.
Police said the man worked at ISM Canada for six years and remains employed there, though the company would not confirm his status.
© 2003 Bell Globemedia Interactive Inc. All Rights Reserved.
[an error occurred while processing this directive]