Advertisement

Saskatchewan privacy commissioner investigates potential breach of hunting licensing system

Saskatchewan's privacy commissioner is currently investigating a possible security breach involving the province’s hunting, angling, and trapping licence system. Sean Kilpatrick / The Canadian Press

Saskatchewan’s privacy commissioner is investigating a potential privacy breach involving the province’s hunting, angling, and trapping licence system (HAL system).

The province said the incident occurred on Jan. 7 when an email regarding Hunter Harvest surveys was sent to HAL customers from a third-party agency called Aspira.

Aspira sent an email that contained the customer name and HAL account identification number to about 33,000 email addresses.

Read more: Saskatchewan eHealth ransomware attack called one of province’s largest privacy breaches

“The email was individually addressed — by name — and the error resulted in the email recipient not necessarily matching the person to whom the email was intended,” the province told Global News in an emailed statement on Tuesday.

Story continues below advertisement

“This issue was caused by human error at Aspira. The system was not hacked or breached in any way. A person’s web account cannot be accessed with just their name and HAL number, as web accounts are password protected.”

The province informed the office of the privacy commissioner on Jan. 8.

Though privacy commissioner Ron Kruzeniski said he can’t comment on the specifics of the investigation, he said it’s always a good thing to tackle these types of issues head on.

Read more: eHealth must do ‘much’ more to prevent security breaches: Saskatchewan auditor

The most important part of all of our investigations is making recommendations for change in the future. Once a breach occurs, you can’t do much about it,” Kruzeniski said.

“You know, it’s an old prairie expression. It’s closing the barn door after the horse is out, but what you can do is put in some things that will reduce the risks of it happening again.

“I don’t think you can ever just prevent it from happening again, but you can reduce the risks.”

The potential breach follows the ransomware attack on eHealth Saskatchewan in 2019-20, which is being called one of the largest privacy breaches in the history of the province, and a recent breach at Saskatchewan Polytechnic.

Story continues below advertisement

Read more: Sask. auditor reviewing eHealth cyber security amid ransomware attack

“The government clearly has a major problem when it comes to protecting the privacy of the people of Saskatchewan,” said Erika Ritchie, NDP environment critic.

“Why is the private information of our province’s hunters in the hands of an American company instead of being administered by one of our Crown corporations?”

The province said that although it is confident that no personal information has been jeopardized due to the error, both the ministry and Aspira will offer a new HAL number to any member who wants one.

Click to play video: 'Saskatchewan eHealth ransomware attack called one of province’s largest privacy breaches' Saskatchewan eHealth ransomware attack called one of province’s largest privacy breaches
Saskatchewan eHealth ransomware attack called one of province’s largest privacy breaches – Jan 8, 2021
Advertisement

Sponsored content