By SINCLAIR STEWART
Globe and Mail Update
The personal information of nearly half-a-million customers at a CIBC
mutual fund subsidiary has gone missing, prompting fears of a potential
security breach and inciting an investigation from Canada's federal
A backup computer file containing application data for 470,000 investors
at Montreal-based Talvest Mutual Funds disappeared in transit on the way
to Toronto recently, the bank said in a news release Thursday.
The file contained everything from client names and addresses to
signatures, birth dates, bank account numbers and Social Insurance
Numbers. Officials at CIBC Asset Management Inc., a division of the
Canadian Imperial Bank of Commerce, said there is no evidence of fraud,
nor is there any indication that any data on this hard drive has been
accessed. The company did not explain how it lost the drive.
Privacy Commissioner Jennifer Stoddart, who launched a probe of CIBC
following a faxing snafu two years ago, said she has determined there
are grounds for another investigation in the Talvest matter, even though
the bank brought the problem to her attention.
Although I appreciate that the bank notified us of this incident and
that it is working cooperatively with my office, I am nevertheless
deeply troubled, especially given the magnitude of this breach, which
puts at risk the personal information of hundreds of thousands of
Canadians, said Ms. Stoddart. My office is committed to carrying out a
thorough investigation into this matter and to ensuring that preventive
and corrective measures are put in place so that this does not reoccur.
The bank said it has taken immediate steps to rectify the problem, and
has written letters to affected customers. The vast majority of these
are clients of Talvest, rather than CIBC, which bought the mutual fund
company in 2001.
The bank has promised to compensate customers for any loss, and is
allowing them to enroll in a free credit monitoring program that can
alert them if someone is trying to use their information without proper
Although we have no evidence that the information contained in the
backup file has been accessed in any way, we are acting out of an
abundance of caution and want to assure our clients that we are taking
all steps possible to address this matter, Steve Geist, president of
CIBC Asset Management, said in a statement.
This is the second major security issue for Canadians in as many days.
Wednesday, the U.S. retailer that owns discount chains Winners and
HomeSense revealed it had been the victim of a massive computer hacking
Sources told The Globe and Mail that the network break-in at TJX Cos.
may have affected as many as 20-million Visa cards worldwide, and some
estimates suggest as many as 2-million of these cards are Canadian. It's
unclear how big that number will be for other card providers, like
MasterCard, but the numbers suggest it could be one of the largest such
breaches the country has ever seen, according to one person in the
financial community. The RCMP is assisting U.S. authorities with that
The Talvest incident is another embarrassing episode on the privacy
front for CIBC, which was at the centre of a faxing snafu in 2004. The
bank sent errant faxes to a junkyard operator in West Virginia for three
years, mistakenly divulging private customer information.
The junkyard operator eventually sued the bank for clogging his fax
lines, and Canada's privacy commissioner launched an investigation. In a
2005 report, she expressed concern about a breakdown in privacy
practices that could reflect a bigger problem in Canadian business.
Subscribe to InfoSec News