A Calgary charity has confirmed to Global News it was the victim of an email data breach last fall.
Now, one of its former clients wants to know why it took so long to be alerted.
The Calgary Urban Project Society (CUPS) sent an email to Michael Friesen on Wednesday to inform him that a staff member’s email account had been hacked and some of his personal information may have been put at risk. That information included his driver’s license, bank statements and rent report.
“It’s a little scary to get that in the middle of the day. Your heart kind of palpitates a little bit and you don’t know what you’re going to do,” Friesen said.
Friesen was a CUPS client in 2020 after fleeing an abusive relationship. He provided the non-profit with his personal information so it could help him access funding for a place to live.
CUPS helps vulnerable Calgarians facing the challenges of poverty and trauma.
Friesen appreciates the help CUPS has been in the past. But he wishes he had been told about the September hack sooner.
“Eight months of (personal data) just being out there and not being aware of it,” he said.
“The data breach: whatever, that’s not a big deal. Tell me the moment it happens, so I can stop it.”
CUPS senior director of operations Elaine Wilson told Global News the charitable organization acted quickly upon learning of the hack.
“As soon as we are made aware of any kind of potential breach, we make the report and we follow the recommendations, and the timeline that is provided,” she added.
That included contacting the Office of Information and Privacy Commissioner of Alberta. While awaiting a response, officials said they also initiated further measures to protect staff emails from this type of cyber attack, including two-step verification and email security education.
CUPS said the privacy commissioner responded to its inquiry on April 29 and that is when it started notifying clients.
“Our first priority is to the privacy of our clients’ information and the work that we do with our clients,” Wilson said.
“We have many measures in place to prevent anything. We are constantly assessing the risks as they are changing out there in cyberspace.”
The risks of data breaches continues to change and grow in Canada. According to the Office of the Privacy Commissioner of Canada, it received 782 breach reports affecting at least nine million Canadian accounts during the 2020-21 fiscal year.
Friesen — who just completed a cyber security course with the province — isn’t all that shocked.
“I’m not surprised that it’s happening,” he said. “They’re only going to get worse.
“Cyber security is something we all need to be aware of.”
It’s the first time it happened to him, and he’s not looking forward to the fallout.
“I’m pretty sure that I’m ok. However, now I have to go through all of the stress of changing all my passwords or passphrases. It just gets a little chaotic.”