Nurse Leslie Warner will always remember the day she was taken to her local RCMP detachment in Fernie, B.C., where she faced charges related to a social security fraud scheme originating from Alberta. She recounts the experience of being fingerprinted and having her photograph taken.
‘I thought to myself: ‘Oh my God, this is identity theft,’ Warner recalls expressing to the authorities. ‘I did not commit this crime.’ The fraud charges were subsequently dismissed after she clarified that an imposter had been using her identity since 2020, following a breach of her Canada Revenue Agency account that resulted in a fraudulent tax return being filed in Alberta, falsely designating H&R Block as her ‘authorized representative.
‘ However, Warner had never given permission for H&R Block to handle her tax filings. For years, Warner has been striving to comprehend how her identity — and at times her entire life — was compromised. She continues to feel ‘anxious’ about the possibility of her CRA account being hacked again. The Fifth Estate has discovered that Warner’s name is among thousands affected by a significant breach of personal information — including social insurance numbers — from the British Columbia government’s Interior Health authority, which oversees hospitals and medical facilities in the eastern region of the province.
While the extent of exploitation of these names by fraudsters remains uncertain, The Fifth Estate has identified instances where stolen identities of various current and former Interior Health employees have been utilized to secure fraudulent CRA refunds and loans in recent years. A former Ontario privacy commissioner has remarked that this situation could be a ‘nightmare’ for those whose names and personal information are part of the breach.
‘This is appalling,’ stated Ann Cavoukian, executive director of the Global Privacy and Security by Design Centre. ‘Such matters must be highlighted for public awareness.’ An individual identifying themselves as ‘Anonymous’ recently contacted The Fifth Estate, providing what they claimed was a list of names that had been stolen from the B.C. government agency.
Reports suggest that the list was sourced from vendors on the dark web, who created a group on the encrypted messaging app Telegram in 2017 and subsequently sold the data for approximately $1,000. The Fifth Estate has not independently verified the existence of this Telegram group or the claimed sale price.
However, it has confirmed with several individuals identified as victims that they were indeed employed by B.C.’s Interior Health authority, all of whom corroborated the accuracy of the information pertaining to them. The breach encompasses social insurance numbers, home addresses, and birth dates of over 28,000 employees linked to the agency between 2003 and 2009. In a message to The Fifth Estate, an individual identifying as Anonymous stated, ‘As a former criminal involved in similar activities, I now seek to assist others and atone for my past.
I believe this information could be highly valuable in identifying and reaching out to potential and future fraud victims.’ Anonymous also mentioned that the list was initially acquired from a data leak several years ago and that the information has been sold and disseminated to thousands over the past five to six years. The Fifth Estate has not verified how many individuals have obtained the data.