E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Toronto Star

Posted on January 31, 2008

      The theft of two computers from a Toronto gym more than a week ago has exposed thousands of current and former members to identity theft.

      The missing computers contain personal and financial information belonging to nearly 4,500 people on file at Fun 2B Fit at 90 Gerrard St., which is owned and operated by the University Health Network.

      The files included names, addresses, telephone numbers and, in some cases, bank account, credit card and social insurance numbers =96 all of which increase the risk of identity theft.

      "There's no reason for a lot of those questions," said Claudiu Popa, president of data security firm Informatica Corporation. "Their members should never trust them again, as far as I'm concerned."

      Fun 2B Fit collected the information from members to facilitate automatic payment of the gym's monthly fee, said company spokesperson Gillian Howard.

      Canada's privacy laws state that anyone collecting personal data should explain why the information is needed, how it will be used, how long it will be kept and what will be done to protect it.

      Howard said she didn't know why the gym asked for members' social insurance numbers. "The principle is you collect the least amount of information possible. (Social insurance numbers) won't be collected in the future," she said.

      According to Popa, there's never any reason to divulge your SIN, a piece of unique information invaluable to identity thieves.

      He said gyms, particularly large ones, often have weaker data security because the sign-up process is so streamlined and many staff use the computers.

      Popa said to watch for red flags such as automated billing, which requires credit numbers; requests for unique information, like place of birth; and a vague or nonexistent privacy policy.

      Gym member Vance Perez, 47, said he was surprised to learn of the security breach, since he hadn't heard anything from the company.

      But worry gave way to relief as Perez remembered how little information he gave the gym =96 only his employee number, so the facility's monthly user fee could be deducted from his paycheque.

      Without the files, Fun 2B Fit has been unable to contact and alert nearly half the affected people. Most of the gym's members work at network hospitals or other nearby health institutions, Howard said.

      The gym has contacted financial institutions and credit card companies on behalf of members, and sent more than 2,300 letters describing the threat to current members, whose addresses were found.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.