jeremy wrote:I confirmed with Peoples that I was compromised, and that they sent the letter to my old address.
Prudent people who move pay Canada Post to forward mail from their old address to their new address for at least a year. Did you do that? Maybe you have a beef with CPC over failure to forward the fateful letter.
Seems a bit deceptive to tell people something like "only a small percentage of clients were affected, and they were sent the letter"
The statement can be true without it being deceptive. That has nothing to do with whether any of the affected clients moved. The breach affected only applicants in a particular timeframe. They could well represent "only a small percentage of [total] clients."
I agree that it's sloppy to send the letters using the addresses on the compromised applications rather than the current addresses they have on file. OTOH consider someone who made an application but never followed through with the void cheque. They don't have an account with PT but their information was still compromised. In those situation PT is notifying non-clients. Perhaps they went beyond what they're required to do in this respect.
Finally, you should be happy that you moved. Anyone who tries to use your compromised data will run into trouble when the address they use doesn't agree with what the credit reporting agencies have on file. In that sense you're
more secure than those of us who didn't move even if only we got the letter
they couldn't be bothered to send the letter to customers' current addresses.
Is that what they actually told you or is that just your inference? Perhaps instead of consciously deciding not to be bothered it never occurred to them to consider people who moved. Perhaps they assumed that people have their mail forwarded when they move. I don't know. But unless someone in a position to know told you explicitly that "they couldn't be bothered" then with respect, neither do you.
bill2009 wrote:I don't worry about my money as such because of, ultimately, CDIC backing but these kind of events are just going to continue.
This really has nothing to do with CDIC. In any case your money wouldn't be at risk because all a hacker can do online is transfer funds between a PT account and some external account. A hacker would have to also compromise that account in order to hijack your money.
But in any case, according to PT this security breach did not include account information. This breach isn't about money on deposit at PT (which is CDIC's concern) but rather about a hacker using purloined personal information to commit identity theft.
Sedulously eschew obfuscatory hyperverbosity and prolixity.