Calgary charity hit by data breach says it responded appropriately despite client concerns

Click to play video: 'Calgary charity hit by data breach says it responded appropriately despite client concerns'
Calgary charity hit by data breach says it responded appropriately despite client concerns
A Calgary charity hit by a data breach last fall says it followed the right protocols and timelines after client questions how long it took to be notified. Tomasia DaSilva has details – May 26, 2022

A Calgary charity has confirmed to Global News it was the victim of an email data breach last fall.

Now, one of its former clients wants to know why it took so long to be alerted.

The Calgary Urban Project Society (CUPS) sent an email to Michael Friesen on Wednesday to inform him that a staff member’s email account had been hacked and some of his personal information may have been put at risk. That information included his driver’s license, bank statements and rent report.

“It’s a little scary to get that in the middle of the day. Your heart kind of palpitates a little bit and you don’t know what you’re going to do,” Friesen said.

Story continues below advertisement

Friesen was a CUPS client in 2020 after fleeing an abusive relationship. He provided the non-profit with his personal information so it could help him access funding for a place to live.

CUPS helps vulnerable Calgarians facing the challenges of poverty and trauma.

Friesen appreciates the help CUPS has been in the past. But he wishes he had been told about the September hack sooner.

Click to play video: 'Alberta man conned out of $8,500 in elaborate scheme'
Alberta man conned out of $8,500 in elaborate scheme

“Eight months of (personal data) just being out there and not being aware of it,” he said.

Breaking news from Canada and around the world sent to your email, as it happens.

“The data breach: whatever, that’s not a big deal. Tell me the moment it happens, so I can stop it.”

CUPS senior director of operations Elaine Wilson told Global News the charitable organization acted quickly upon learning of the hack.

Story continues below advertisement

“As soon as we are made aware of any kind of potential breach, we make the report and we follow the recommendations, and the timeline that is provided,” she added.

That included contacting the Office of Information and Privacy Commissioner of Alberta. While awaiting a response, officials said they also initiated further measures to protect staff emails from this type of cyber attack, including two-step verification and email security education.

CUPS said the privacy commissioner responded to its inquiry on April 29 and that is when it started notifying clients.

Click to play video: 'Alberta Securities Commission launches ‘Spot the Spoof’ campaign against cyber scam sites'
Alberta Securities Commission launches ‘Spot the Spoof’ campaign against cyber scam sites

“Our first priority is to the privacy of our clients’ information and the work that we do with our clients,” Wilson said.

Story continues below advertisement

“We have many measures in place to prevent anything. We are constantly assessing the risks as they are changing out there in cyberspace.”

The risks of data breaches continues to change and grow in Canada. According to the Office of the Privacy Commissioner of Canada, it received 782 breach reports affecting at least nine million Canadian accounts during the 2020-21 fiscal year.

Friesen — who just completed a cyber security course with the province — isn’t all that shocked.

“I’m not surprised that it’s happening,” he said. “They’re only going to get worse.

It’s the first time it happened to him, and he’s not looking forward to the fallout.

“I’m pretty sure that I’m ok. However, now I have to go through all of the stress of changing all my passwords or passphrases. It just gets a little chaotic.”

Sponsored content