Toronto, Ontario -- August 13, 2019 -- Collision Repair has confirmed that, according to State Farm, no data shared with the company by Canadian repair firms is believed to have been compromised during a recent data breach.
On August 7, America's largest auto insurance company said its systems suffered a data breach, possibly as the result of a cybercriminal attack.
Although State Farm has had extensive branches throughout several provinces in Canada, information from Canadian collision repair businesses was not affected.
State Farm Canada's rapid transition into financial services group, 'Desjardins' that saved customers data in just the nick of time.
The transition began in May of 2018 after Desjardins purchased Canada's State Farm and began to rebrand them into the Desjardins Group. They predicted the transition would be complete by the end of 2019.
"Since State Farm is no longer considered a Canadian company anymore, our customer's data wasn't affected by the hack," a representative from Desjardins told Collision Repair. "The breached data only belonged to American customers who are still with State Farm."
Although Canadian's are lucky their data is kept safe with their protected insurers, previous data breaches like this one could put them at risk.
According to State Farm, this hack was labeled as a 'credential stuffing' hack, a hack where previously breached data such as usernames, passwords, and personal information, is released can be used to access other accounts, resulting in another hack.
Unfortunately for Desjardins, this is not new information.
No less than one month ago, more than 2.9 million Desjardins customer's personal information was leaked by a former employee, affecting more than 40 percent of their customer base.
It was revealed that the compromised data was sold on the dark web - the location where State Farm believes that their attackers may have accessed their own customer's information,
"A bad actor used a list of user IDs and passwords obtained from some other source, like the dark web, to attempt to access to State Farm online accounts," explained State Farm to their effected customers via e-mail. "During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.”
Thankfully, in the same e-mail, State Farm also confirmed that no personally identifiable information was viewable to the attacker, and no fraud was detected. The cycle had stopped.
So while repairers can wipe their brow and thank their lucky stars that their personal information is on lockdown, Toronto-based cybersecurity expert Justin Bull reminds us that companies should always keep their eyes open for new potential risks.
"There is no silver bullet to protect an organization against cybercrimes," said Bull. " The most important thing to do is to maintain good 'computer hygiene' habits--just as you would at home. Don't download unknown email attachments or follow strange links. Some companies invest in sending staff to courses to reiterate the basics of safe computer use."