Letter to CAA Members regarding Equifax data breach

The following is intended to provide information to CAA members that had subscribed to the CAA-Equifax ID Theft Protection service.

CAA entered into a contract with Equifax Canada that began in March 2015 and ended June 30, 2017, under which Equifax agreed to provide consumer credit and identity theft protection services to CAA members who enrolled for those services.

We did so with the intent of providing a means for members to have confidence that their personal information could be protected from those who seek to use it for disreputable purposes. We chose Equifax as a partner because they were one of the most long-established brands in this category, and we wanted to give members the most assurance we could about this new member benefit.

The contract required Equifax to treat as confidential and to safeguard all personal information provided to Equifax by CAA members in accordance with all applicable laws, including Canada’s privacy laws (PIPEDA).

Since the data breach in the U.S. came to light late last week, we have been seeking answers from Equifax about whether any CAA member data and other Canadian data were compromised. As of now, we have received no clear information from Equifax about the status of our members’ information and whether or not any of it was breached. To be clear, only CAA members that signed up for this service may be affected. Just over 10,000 of our 6.2 million members signed up for this service. Equifax has publicly stated that Canadian information was likely not compromised unless a Canadian might have applied for credit in the United States, but that is as much as we have been provided.

Equifax has made public a US based website for people with FAQs about the situation: https://www.equifaxsecurity2017.com/. Here is also a link to the page for Canada: http://www.consumer.equifax.ca/home/en_ca.

We had hoped that Equifax would be more forthcoming about the breach beyond what has been available in the public domain, in order to be able to assist CAA members that subscribed to this program. Our requests to them since September 7 (the date when this breach became public information) have not yielded anything beyond what is available publicly.

We will continue to press Equifax for information about the breach and the potential implications for those CAA members that signed up. We hope to provide more information if it becomes available.

For further information, please contact:

Ian Jack

Managing Director, Communications and Government Relations

CAA National

613 247 0117 x2007

ijack@national.caa.ca