Some Toronto clients of Scotiabank are concerned about the possible misuse of their personal information after being informed by the bank that three CD-ROMs listing clients’ names, SIN numbers and registered account type and account numbers have gone missing.
Michael Binetti, a lawyer who specializes in commercial litigation and competition law with Affleck Greene McMurtry LLP, received a call telling him about the missing information on Saturday.
The 31-year-old was concerned when he heard the news that his personal information might no longer be confidential and could potentially be used by someone to get fraudulent credit cards or establish a fake identity.
“It’s disheartening to know that a company that big can’t keep track of a CD-ROM with confidential information on it,” he told the Star. “I don’t want to be in some situation where some rogue is applying for credit in my name . . . And then I have to prove he’s the imposter.”
“With big organizations there is a certain risk anyway. But it’s disappointing to hear that some courier somewhere has these CD-ROMs and they (the bank) can’t find them.”
Binetti said he was told by a Scotiabank representative the CD-ROMs were mislaid Wednesday and that the bank thought they had been lost internally.
However, the representative said the bank was warning clients just in case so they could monitor their accounts and make sure there was no fraudulent activity. Said Binetti: “What choice did they have? I’m not going to give them credit for being proactive.”
Binetti said he was also told to have a personal credit check done to see if there were any new credit cards listed that he hadn’t applied for.
Other bank clients also contacted the Star to express concern.
In an email to the Star, Scotiabank confirmed the CD-ROMs were missing, calling the incident an “extremely rare occurrence.”
“The parcel containing the three CDs has gone missing while in internal mail between two Scotiabank departments,” Joe Konecny, a media spokesman for the bank, said in the email.
“Based on our investigation, we believe that the CDs were misdirected in internal mail and we have no reason to believe that this incident puts our customers at risk.
“We are notifying customers as a precaution. The Canadian privacy commissioner has also been advised.”
Scotiabank also confirmed the discs contained the names, mailing address, social insurance numbers, registered account type and account numbers for clients. They, however, did not contain account balances or other financial or employment information, according to Scotiabank.
But how many people have been affected remains unclear. Scotiabank would only say a “small percentage” of clients had their confidential information on the CD-ROMs.
The discs were to be sent to the Canada Revenue Agency as part of the bank’s requirements to provide such information to the agency. The bank has strict processes and procedures in place to protect customer privacy and confidentiality, the statement added.
But that doesn’t ease Binetti’s mind. “The lesson for consumers is don’t assume because you’re dealing with a big organization that they have control over your information the whole time,” he said.
