407 ETR to advise customers of internal theft of customer data, limited to account name addresses/phone number
No financial, credit card, payment, account, trip history or other information impacted Inside theft of data - no indication of an external breach of systems
TORONTO, May 16, 2018
407 ETR is directly contacting approximately 60,000 customers by mail to advise that their account name, mailing address, and in some instances their phone number were removed from 407 ETR’s office at some time over the past 12 months.
No other account-related information, such as: credit card, banking information, password, plate number, vehicle information, account balance, or trip history, was obtained.
There is no indication of any external breach of 407 ETR systems. The incident is being investigated as an inside theft of data.
407 ETR was informed of this issue on Thursday, May 10th. In response to this incident, 407 ETR immediately launched an investigation with the support of external security experts. We have also notified the appropriate authorities, including local police, the Office of the Privacy Commissioner of Canada and the Ontario Ministry of Transportation (MTO). The MTO has advised that the Information and Privacy Commissioner of Ontario has also been informed.
While this stolen data is unlikely to present a risk of identity theft or financial harm, 407 ETR will offer all impacted customers free credit monitoring and identity theft protection services for one year. The details of how to obtain this service will be included in the notification letter.
The company is taking this matter very seriously as the privacy and protection of our customers' information is of the utmost importance. We sincerely apologize for this incident and we will continue to do everything possible to ensure full resolution of this matter.
Kevin Sack, Vice President, Marketing, Communications &, Government Relations,