IIROC suffered major security breach

VANCOUVER (NEWS1130) – The organization that oversees Canada’s investment dealers suffered a major security breach.

A security expert is blaming policies and old technology for a major security breach at the organization that overseas Canada’s investment dealers.

The Investment Regulatory Organization of Canada also monitors all trading activity across the country.

Last week, an employee lost a USB drive containing the personal information of more than 50,000 people, with accounts at more than 30 brokerage firms.

“When you listen to the rationale of why it happened and why it shouldn’t happen, it should scare us,” says Tony Busseri, CEO of Route1.

“They’re saying they have strong policies about not losing the (USB) devices. I might first ask the question ‘why are they using technology that’s 10 years old to extract information that’s used remotely,” he says.

“There’s better and obviously much more secure ways of delivering on that,” he adds.

Busseri says there are security solutions that are cheap and effective, but instead “we rely on thick policy manuals” and expect people not to make mistakes.

“Ultimately, what it’s going to take (to improve security) is you and I, and others, getting ticked off and saying ‘enough is enough,'” he says.

“And we expect regulatory bodies, we expect our government to be accountable to us and be sure they are using the best technologies.”

The missing USB drive contains personal information inclduing social insurance numbers and bank account numbers.

IIROC says it has hired a third party to assist its investigation of the security breach.