Calgary

City apologizes for privacy breach of WCB files

Registered letters are being sent to 3,716 victims of a privacy breach after WCB claim information was released due to "human error," say city officials.

Information from 3,716 people sent by city employee to contact at another municipality

City officials are reviewing security protocol after information from 3,716 WCB files was mistakenly released. (Monty Kruger/CBC)

Registered letters are being sent to 3,716 victims of a privacy breach after WCB claim information was released due to "human error," say city officials.

In a release issued late Wednesday afternoon, Donald von Hollen, acting chief security officer for the city's corporate security, said "numbers, names, incident dates, details regarding the nature of the injury or claim, a brief description of the incident, costs associated with the claim, employee ID numbers and business units" were released improperly on June 14 and 15.

"The information disclosure was a result of human error," read the release.

"The incident was detected early, a full investigation was conducted and we have made efforts to ensure the information was contained to prevent further distribution."

Claims involved are from 2012 to 2016 and von Hollen said no personal contact information like addresses, phone numbers, emails, social insurance numbers, personal health numbers, dates of birth or banking information were released.

University of Calgary professor and cybersecurity expert Tom Keenan said these victims shouldn't worry about their personal information being used nefariously.

"It looks like they have it contained so that it's not in the hands of hackers who are going to try to monetize it," he said.

"On the other hand, it's health information, and nobody really likes to think that health related information is in the hands of anybody other that who it should be," he added.

"On a scale of one to 10, it's a four," he said, regarding how concerned people should be about this incident.

An investigation revealed the disclosure happened when a city employee sought technical assistance from a contact working at another municipality.

The recipient got the information at their work and personal email addresses. Von Hollen said officials believe the breach was not malicious in nature.

City officials said the information was not shared further and was deleted.

A review is now underway concerning data and security protocols at the city.