The breach concerns 1,756 members and candidates to the engineering profession (CEPs) who renewed their registration on the OIQ's Roll by credit card between May 20 and May 25, 2020. This situation occurred due to a flaw in an external provider’s transactional software that the OIQ uses.
All of the individuals concerned were notified earlier in the day. The OIQ is offering them support in the form of free credit monitoring services.
The information that may have been accessed by unauthorized third parties is linked to the credit cards that were used to complete the transactions. In a smaller number of cases, e-mail addresses, telephone numbers or home addresses may have also been breached.
Corrective measures taken
The OIQ is already cooperating with law enforcement agencies. It has also reported this incident to the Access to Information and Privacy Office.
Furthermore, measures have been taken to strengthen the security of transactions and lower the risk of such an incident recurring. An independent firm has been hired to identify additional measures that may be put in place.
Finally, the OIQ has created a direct communication channel so that it can quickly answer members' questions about this incident. Information is available on its Web site as well.