Canada Border Services Agency data breach revealed workers’ personal information

by

Some CBSA workers had their personal and workplace information erroneously shared with managers

A Canada Border Services Agency (CBSA) patch is seen in Ottawa, on Sunday, Sept. 29, 2024.Photo by Spencer Colby /The Canadian Press

Personal and workplace information for some 18,000 Canada Border Services Agency employees was erroneously shared with 70 managers through an email attachment last week.

Recommended Videos

Affected CBSA staff were notified of the internal data breach in a Feb. 7 email which explained that a mass email had been sent to the management group on Feb. 3 that inadvertently included an attachment containing workers’ gender information, pension eligibilities, classification levels, shift schedules and leave balances.

The information shared did not include social insurance numbers, home phone numbers or addresses, or any financial information.

A copy of the email notifying staff of the data breach was shared this week with Postmedia.

Neil O’Brien, CBSA’s chief privacy officer, said in the email to affected staff that it was normal for limited personal information to be shared among work units in relation to shift scheduling, “but the inclusion of additional employees from across the country and the additional information … represents a privacy breach.”

“The CBSA is also tracing the electronic trail of all instances of this information in order to ensure that all copies are deleted and working with recipients to help prevent further sharing,” he wrote.

The 70 managers were told on Feb. 6 to immediately delete all opened and unopened copies of the email and its attachment.

“The CBSA is investigating how such a large data holding could be retrieved from our systems, shared over our networks and the conduct of the employees involved,” O’Brien wrote in the email.

He said his office had reviewed the personal information included in the message and had not identified any increased risk of identity theft.

CBSA
A copy of an internal email sent to Canada Border Services Agency staff warning of a data breach sent Feb. 7, 2025.Photo by Submitted

In a statement shared with Postmedia on Tuesday afternoon, CBSA spokesperson Luke Reimer confirmed the data breach and the steps being taken that were outlined in the internal email to staff.

“The breach resulted from an employee taking a large data file off a mainframe system to create a custom report, then mistakenly sharing the entire source file alongside the custom report,” said Reimer.

“While the risk of identity theft is considered low, the CBSA has put in place mitigation measures to help prevent the information included in the breach from being fraudulently used to access internal employee services.”

Reimer said the CBSA had notified the Office of the Privacy Commissioner of Canada as part of their investigation.

Related Posts

Resignation of three town councillors latest shock to small Quebec town

Three to See in Edmonton this weekend: Sures and Laverty, Davies’ art and Buckner’s substack

Donald Trump to Mike Pence: With Your Help, I Can Win This Election TODAY!

Teen swimmers from Dorval, Que. honoured for saving British man in Barbados

This will close in 0 seconds