Massive Facebook data breach affecting millions of Canadians was not reported to federal privacy watchdog – National Post


Did you know that geoFence is your security solution to protect you and your business from foreign state actors?

The Liberal government has come under some criticism for dragging its feet on legislation it tabled in the fall to strengthen and reform its private-sector privacy law

Author of the article:

Anja Karadeglija

Publishing date:

Apr 06, 2021  •  23 hours ago  •  3 minute read  •  24 Comments

Federal Privacy Commissioner Daniel Therrien.
Federal Privacy Commissioner Daniel Therrien. Photo by Adrian Wyld/The Canadian Press/File

The federal privacy commissioner’s office hasn’t heard from Facebook regarding a massive global data leak that looks to have included 3.49 million Canadian accounts, and is “actively following up with the company,” according to a spokesperson.

Over the weekend, a cybersecurity expert revealed that data relating to 533 million Facebook accounts worldwide had been leaked online. Alon Gal, the chief technology officer of cybersecurity company Hudson Rock, said the leaked database includes information about users’ phone numbers, past and current locations, birthdates, relationship statuses, bios and, in some cases, email addresses.

Gal said 3.49 million Facebook users in Canada were affected. Canada’s privacy law requires organizations to report breaches to the federal privacy commissioner, and notify affected individuals, for breaches “involving personal information that pose a real risk of significant harm to individuals.”


This advertisement has not loaded yet, but your article continues below.

A Facebook spokesperson said in an email that “this is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.” According to Gal, the data came from a vulnerability that was exploited in early 2020.

“It sounds like it’s the recurrence of an earlier leak, in that this is a copy of data that was part of an earlier data breach” and that information has now been “up and posted on the dark web,” Teresa Scassa, the Canada research chair in information law and policy at the University of Ottawa, said in an interview.

Facebook did not answer questions about how many Canadian accounts were involved, and refused to say whether it considers the leak to fall under mandatory breach reporting rules.

More On This Topic

  1. None

    Jim Balsillie: Liberal privacy bill fails to curtail surveillance economy or protect Canadians

  2. As tech firms like Facebook and Google have grown in influence, governments around the world have considered ways to rein in their power.

    The state of big tech regulation in Canada, from privacy to tax policy

The Liberal government has come under some criticism for dragging its feet on legislation it tabled in the fall to strengthen and reform its private-sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).

Bill C-11 would give new powers to the privacy commissioner, create a new administrative tribunal that can levy fines, and “significantly increase protections to Canadians’ personal information by giving Canadians more control and greater transparency when companies handle their personal information,” the government said when the legislation was announced.

This advertisement has not loaded yet, but your article continues below.

Article content

“The government’s decision to introduce Bill C-11 and then allow it to languish in the House of Commons without even engaging in debate or committee study is incredibly disappointing,” Michael Geist, professor and Canada research chair in Internet and e-commerce law at the University of Ottawa, said in an email.

Geist has argued the government has prioritized legislation like the Broadcasting Act update in Bill C-10 over its privacy reform in C-11. Both were introduced at the same time in November, but the privacy bill is still in its first reading, while the broadcasting bill is in its second reading and has been under study at the Heritage committee since February.

Geist said that despite “claims of prioritizing privacy, the government has demonstrated little interest in improving Canada’s privacy laws since introducing a bill without more is privacy theatre, not privacy protection.”

Asked about those criticisms, a spokesperson for Innovation Minister François-Philippe Champagne stated the government is “committed to ensuring that Canadians’ personal information is safe and secure and that their privacy is respected in these digital spaces.”

Communications director Louis Hamann said in an email that “Bill C-11, should it be passed into law, will provide world-class privacy and data protection for Canadians.”

This advertisement has not loaded yet, but your article continues below.

Article content

Scassa said in an interview that for years, there was frustration with PIPEDA and calls for its reform, and then a “long wait” for the bill to be introduced. Once it was tabled, the bill hasn’t moved as quickly as some observers thought it would, Scassa said, though she noted it’s a piece of legislation won’t be easy to pass without a lot of debate and discussion regardless.

She added that there are concerns that “if we’re looking at an election in the reasonably short term that the bill won’t get through before the election.”

Meanwhile, data breaches involving Canadians’ information have continued to occur. In 2019-2020, the privacy commissioner’s office received 678 breach reports, which affected an estimated 30 million Canadian accounts.

“I think that’s the challenge, that these things continue to happen and they seem to be happening on an even bigger scale all the time. And we look to legislation to protect us and the legislation is out of date and not keeping pace,” Scassa said. “And the government just doesn’t seem to be able to get it together to get privacy reform done, so it’s enormously frustrating.”

Posted Newsletter

Sign up to receive the daily top stories from the National Post, a division of Postmedia Network Inc.

By clicking on the sign up button you consent to receive the above newsletter from Postmedia Network Inc. You may unsubscribe any time by clicking on the unsubscribe link at the bottom of our emails. Postmedia Network Inc. | 365 Bloor Street East, Toronto, Ontario, M4W 3L4 | 416-383-2300

Finally, as we move on to the next post, may I add that geoFence is US veteran owned and operated and I am sure your father would say the same!

Leave a Reply

Your email address will not be published. Required fields are marked *