CASSIDY RAMSAY: DATA INCIDENT NOTIFICATION
Cassidy Ramsay is a law firm that has provided professional and knowledgeable legal services to Winnipeg and the surrounding area since the 1970s. Our lawyers specialize in handling cases related to family law, wills and estates, real estate law, corporate/business law and more.
We believe that the protection of our clients' personal data is vital. Regrettably, a data security incident may have compromised some of the personal data in our records. While we immediately dealt with this incident once we became aware of it and we have no evidence any personal information was accessed or misused, we are providing you this notification so any person who may be affected can understand what has happened.
If you have any questions about this incident, you can call us Mondays to Thursdays between 8:30 AM - 4:30 PM and Fridays between 8:30 AM - 3:30 PM at 204-934-6256.
We sincerely regret that this incident has occurred. We are committed to taking steps to protect your data and to provide you with information about what has happened. The details follow below.
-
What HappenedOn February 11, 2019, our network monitoring discovered that our computer network had been disabled by a cyberattack. We immediately engaged security experts and learned that a third party had gained unauthorized access to our computer system earlier that morning. The unauthorized access was closed off by 10:30 AM that same morning. Our investigation of this incident is ongoing. In the meantime, we have regained access to our network and have been working to understand what happened, and why.
-
What Information Was InvolvedWe are unable to determine the exact extent of the data that may have been affected. While we have learned that unauthorized access was gained to our entire network, the intruders only had access for 10 hours and we cannot determine which files (if any) were viewed or taken. In the interests of transparency, we are providing this notice so that anyone who has worked with us, or whose data we hold, can be made aware of this incident. The oldest client records we maintained on our computer system date back to February 28, 1988. However, until we began regularly communicating with our clients by email about five years ago, we are confident that the client data on our system was limited to names, contact information, generic time entries of legal services performed, and amounts billed and paid. These files should not contain payment or any financial information, nor do they contain legal advice. Any data that was emailed to us by you or others on your behalf is also stored on the system. You should know that if you provided unencrypted financial information to us by email (such as bank account numbers, credit card information, or a Social Insurance Number), identification information (such as your driver's licence number), medical information, or any information about your case, that data may also have been affected by the incident. Any information we provided you by email, such as legal advice, may also have been affected. Given all of these variables, it is difficult for us to estimate the number of people who may have been affected by this incident.
-
What We Are DoingWe have taken this incident very seriously. While we had security measures in place before the incident, such as a firewall and anti-virus and anti-malware software, we immediately engaged a security expert to help limit any further unauthorized access to our system and to help us understand what data may have been affected. We also notified the Office of the Privacy Commissioner of Canada and our professional regulator. We were not able to fully restore our computer system until March 24, 2019. Since that time, we have been working to better understand what has happened, so that we can provide meaningful notification to anyone who may be affected by this incident. While we had previously hired experts to protect our computer systems, we have now taken the additional step of investing in new hardware and software, to avoid any reoccurrences. We are continuing to conduct a review of the data that may have been affected, and will update this website if there are any significant developments. We have no information that indicates anyone's personal data has been misused. You should know, however, that credit reporting and identity theft monitoring services are available to help determine if your personal data has been misused for financial purposes. More information on these services follows below.
-
What You Can DoMeasures that you may take to reduce the risk of harm that could result from this incident include: Changing your passwords regularly; avoid easily guessed passwords or using the same password for multiple accounts. Reviewing your payment card account statements for unauthorized activity and immediately reporting unauthorized activity to the financial institution that issued your card. Obtaining a free copy of your credit report from each of the two major credit reporting agencies. You may also place a fraud alert on your credit report. The alert informs creditors of possible fraudulent activity within your report and requests that the creditors contact you prior to establishing any accounts in your name. Contact information for the two national credit reporting agencies is as follows: Equifax Canada 1-800-465-7166 http://assets.equifax.com/assets/canada/english/cr... Attention: National Consumer Relations P.O. Box 190 Station Jean-Talon Montreal, Quebec H1S 2Z2 TransUnion Canada 1-800-663-9980 https://www.transunion.ca/resources/transunion-ca/... Attention: Consumer Relations 3115 Harvester Road, Suite 201 Burlington, Ontario L8L 3N8 Being vigilant against third parties attempting to gather information by deception (commonly known as “phishing”), including through links to fake websites. If you believe you are the victim of identity theft or that your personal data has been misused, you should immediately contact local law enforcement, including your local police force and the Canadian Anti-Fraud Centre (CAFC). You can consult the RCMP's tips for avoiding identity theft, and steps you can take, if you are a victim of identity theft: http://www.rcmp-grc.gc.ca/scams-fraudes/id-theft-v... and http://www.rcmp-grc.gc.ca/scams-fraudes/victims-guide-victimes-eng.htm. The Office of the Privacy Commissioner of Canada (OPC) oversees our personal information handling practices. You have the right to direct your concerns about this incident to the OPC, at 30 Victoria Street, Gatineau, Quebec, K1A 1H3, Toll-free: 1-800-282-1376, Telephone: 819-994-5444, by its Contact Us page at https://www.priv.gc.ca/en/contact-the-opc/.
-
For More InformationWe sincerely apologize for any inconvenience or concern this incident may cause. We have put measures in place to try to ensure this will not happen again, and we assure you that we will continue to diligently investigate this incident. Your confidence in our services is critically important. If you have any questions or concerns, please check this website for updates and do not hesitate to call us Mondays to Thursdays between 8:30 AM - 4:30 PM and Fridays between 8:30 AM - 3:30 PM at 204-934-6256.