Security breach triggers warning to some toll bridge users
More than 270 drivers who have just registered for the new Port Mann Bridge tolling system are being warned a privacy breach may have compromised their accounts.
An unauthorized employee who got the job in the Coquitlam service centre under false pretences and took the registrations of affected drivers by phone was fired Friday and is under investigation by the RCMP, Transportation Investment Corp. CEO Mike Proudfoot said.
"This person was not who he claimed to be when he was hired," Proudfoot said.
He said the only affected customers are those who dealt with the worker by phone and they are receiving registered letters advising of the incident so they can watch their accounts for any unauthorized transactions.
"There's no evidence to indicate that personal information has been compromised," Proudfoot said, calling the letters a "precaution."
He said accounts that were set up by drivers online – rather than by phone through the service centre – are unaffected.
"The vast majority of our accounts are registered online and the payment information is encrypted and cannot be accessed by any employee."
So far, about 50,000 TReO tolling accounts have been set up covering 80,000 vehicles, meaning less than one per cent of accounts were at risk.
Port Mann Bridge users who register before March get half-price tolls for the first year as well as 20 free crossings if they sign up before December.
The fired worker was with tolling contractor Trans-Canada Flow and Proudfoot said the firm is taking the matter "very seriously."
He said the TI Corp.'s immediate steps included conducting an internal review, calling in the RCMP, notifying B.C.'s Information and Privacy Commissioner and setting up dedicated phone lines where anyone affected can call and speak to a privacy specialist.
Asked if the incident may reduce public confidence and slow the TReO sign-up rate, Proudfoot said it should not.
"I'm confident the system is secure," he said. "The integrity of the tolling system has not been compromised."
B.C. Freedom of Information and Privacy Association executive director Vincent Gogolek said the incident sounds serious and such breaches can allow criminals to commit not just credit card fraud but identity theft.
"When you have these very large collections of personal data and personal information it becomes attractive," he said. "If this stuff is valuable to Facebook it is also valuable to criminals."