Finance Minister Bill Morneau said Tuesday that the federal government is looking into the Captial One Financial data breach, which affected about six million Canadians.
“I’ve already spoken with the head of the Office of the Superintendent of Financial Institutions. I’ve asked him to start an investigation into this issue,” Morneau said.
“We’re going to continue to protect the privacy of Canadians. It’s something we’ve both focused on both in Canada and internationally,” he added.
“It’s an ongoing and important challenge.”
The minister made the comments on Tuesday, less than a day after the hack was revealed.
On Monday, Capital One said personal information including names, addresses, phone numbers, postal codes, email addresses, birthdates and self-reported income, were compromised. Approximately one million social insurance numbers (SIN) were also compromised.
WATCH: Capital One banking breach compromises data of over 100 million people
Morneau said that Public Safety Minister Ralph Goodale is also in touch with his counterparts in the U.S. about the matter.
The FBI has arrested the alleged hacker, who also reportedly accessed the information of 100 million United States residents.
OSFI spokesperson Colin Palmer also commented on the hack, saying the financial services regulator is “monitoring the situation closely.”
Morneau indicated that it’s too to early to say whether this incident will influence a change in Canada’s privacy laws.
“We’re at a stage where we’re trying to investigate to ensure we understand what’s going on,” he said. “This is of really significant concern. We recognize that and will have much more to say in the coming days and weeks.”
He added that the government is working to “ensure this is something that’s not going to happen again in the future.”
WATCH: Equifax to pay up to $700M to U.S. as result of 2017 data breach
Under new federal privacy rules that came into force in November, organizations are obligated to report a breach involving personal information under its control if there is a “real risk of significant harm” to an individual.
Organizations must also notify the persons impacted and detail, among other things, the circumstances, the personal information compromised and steps the firm has taken to reduce harm.
This security breach is just the latest in a string of data hacks that have affected Canadians in recent years, including at U.S. companies such as Uber and Equifax.
In Canada, Desjardins Group revealed a data breach in June that saw the leak of names, addresses, birthdates, social insurance numbers and other private information from roughly 2.7 million people and 173,000 businesses.
In May, Freedom Mobile confirmed that it had been the victim of a security breach, but said the number of customers potentially exposed to the breach numbered 15,000. Researchers at vpnMentor, who discovered the breach and alerted the company, claimed that up to 1.5 million customers had been potentially affected.
— With files from The Canadian Press