Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

USB drives missing with data of 2 million Canadian voters

The incident happened in April but was only publicly reported this week by Ontario's chief electoral officer

Article comments

In one of the biggest privacy breaches in Canadian history, the personal data of over 2 million voters in the province of Ontario held on two USB drives has disappeared.

The incident happened in April but was only publicly reported Tuesday by the provincial chief electoral officer. Greg Essensa said the data on the drives wasn't encrypted, but was in a format that could only be accessed by proprietary provincial software or by a highly skilled programmer using commercial software.

"I'm deeply disturbed," said Ontario privacy commissioner Ann Cavoukian.

It's "the largest data breach that has occurred in the province," from either a public agency or a private sector business. The risk, she added, is someone could access personal information and steal peoples' identities.

It's not merely a black eye for the province. It's also an embarrassment because Cavoukain is known around the world as a privacy advocate.

"One of the reasons I was so disturbed is the data on millions of people was not encrypted," she added.

Elections Ontario isn't exactly clear what's on the drives, or whether the drives were stolen or are merely missing.

No banking info or social insurance numbers on the drives

Essena told reporters the two drives have names, addresses, gender, birth dates and "any other personal information updates provided to Elections Ontario" by roughly half of people on the voters list last fall, and possibly, whether they voted. What's not on the drives are social insurance numbers, health card numbers, drivers licence information, credit card or banking information.

But after several months of investigating it still isn't sure what names were on the drives. It believes they covered 20 to 25 of the 49 electoral districts being worked on by staff at the time.

Even forensic experts hired by the department can't figure out which ridings were on the drives.

The department has done a "rigorous" search for the drive, Essensa said, and a full investigation by a private law firm and a forensics security firm, an investigation still ongoing. It's also been reported to the Ontario Provincial Police.

Meanwhile, he's advising all Ontarians to watch for "potential unusual activity" regarding any transactions with the province, banks, utilities and retailers.

An obviously frustrated Cavoukian said she has issued several orders to provincial civil servants that if data is to be transferred from a provincial computer to a portable device either it has to be de-personalised or encrypted.

Civil servants involved have since left 

However, for some reason neither happened in this instance at Elections Ontario.

A chastened Essensa told reporters that the department's policies "were not followed" and couldn't explain why.

However, he tried to suggest that the odds of the data being misused is low.

"If you were to put these keys into your computer now there's no [file] extension that comes on the files. You would not be able to identify exactly what software you would need to utilise them."

"There is no evidence that copies of personal information on two USB keys have been improperly accessed," he added, but out of "an abundance of caution" is telling the public now.

The USB drives had been to transfer data to laptops in a temporarily leased building where Elections Ontario was updating the voter registry. Laptops used by staff didn't have Internet access to the government's servers.

Staff were told to lock up the drives when they weren't in use.

Two civil servants who had responsibility for the drives are no longer with Elections Ontario, the chief elections officer said. Once the investigations are finished other actions may be taken, he added.



Share:

More from Techworld

More relevant IT news

Comments

Percy said: You could retire quite comfortably on selling this on the black market I wonder why government departments seem to ignore this



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *