Phoenix Pay System Data Breach Highlights Vulnerabilities

69,000 Affected By Phoenix Pay System Data Breach

A recent data breach in the Phoenix pay system exposed the personal information of 69,000 government employees. Managed IT services might have prevented it.  

Yet another embarrassing episode in the ongoing saga of the Canadian government’s Phoenix payroll processing system serves to highlight two crucial points about data system security and general IT operations that companies should take note of. The first is that cybercriminals, or hackers, are only partially responsible for most information breaches, a significant percentage are caused by employee mistakes and carelessness. The other is that a poorly managed data system, or one that is insufficient for the job, can quickly and easily lead to costly and hard to fix problems.

Phoenix Pay Systems Breach

Phoenix Pay System Mishandles Public Servant Info

Since it was launched in 2016, the Phoenix pay system, which handles the payroll for federal government employees under the auspices of Public Services and Procurement Canada, has been continually plagued with problems. It has been estimated that almost 80% of the government’s 290,000 employees have been underpaid, overpaid, or not paid at all, a situation often lasting for months. A solution is still ongoing and will ultimately cost taxpayers billions of dollars.

In the meantime, Public Services and Procurement Canada has been keeping the chief financial officers and human resources department heads of affected agencies informed by distributing reports on employee overpayments every two weeks.

In early February a report listing the full names of 69,087 public employees, along with their home addresses, personal record identifier numbers, and the amounts they were overpaid was inadvertently emailed to the wrong federal government departments. More than 223 individuals in 62 separate departments accidentally received the reports.

Public Services and Procurement Canada has said that the Office of the Privacy Commissioner of Canada was notified immediately after the information breach was discovered and that actions were taken to contain the personal data.

A Pervasive Data Security Problem

In an email to CBC News, Anita Anand, Minister of Public Services and Procurement, stated, “As soon as the breach was discovered, immediate steps were taken to contain and destroy the improperly shared information. There is no evidence that this information was shared outside of the government. Our government takes privacy concerns and the protection of personal information very seriously and it is top of mind in the work we do at PSPC. We will take steps to ensure that this does not happen again and fully reevaluate how personal information is stored and used.”

Privacy Commissioner Daniel Therrien has said that he believes that data breaches involving personal information have been routinely underreported throughout the Canadian government.

According to a report submitted to the House of Commons recently, the personal information of more than 144,000 Canadian citizens had been inappropriately handled over a two-year period.

Managed IT Services Can Prevent Costly Problems

The difficulties being experienced by the Phoenix payroll processing system might have been avoided had they been using the services of an experienced managed IT services provider, and the same is true for any company or organization whether large or small. Companies often have to operate with insufficient IT staff and simply don’t have the personnel or the expertise to devote a team to network security or even to handle daily operations effectively. A managed IT services solution takes over most of the workload with dedicated information security support and performance of routine tasks and maintenance. This frees up IT employees to concentrate on the essential processes, thereby lessening the likelihood of mistakes and problems occurring.

Sysoft has extensive experience providing superior managed IT services to businesses in Toronto and the surrounding region. We’ve become a leader in the industry because of our expertise with a wide variety of IT solutions and excellent customer service. When you’re ready to take your company to the next digital level, contact Sysoft for a free consultation.

30 Years

Latest Blog Posts

Do You Accept Credit Cards?
Do You Accept Credit Cards?

Do You Accept Credit Cards? PCI Compliance is Essential Accepting credit cards is a [...]

Read More
What Types of Organizations Must Implement Written AI Policies
What Types of Organizations Must Implement Written AI Policies

What Does An AI Use Policy Need To Include? An effective AI use policy should cover [...]

Read More
What is Wardriving?
What is Wardriving?

What is Wardriving? Uncovering the Basics and Implications Wardriving is a practice [...]

Read More
Read The Sysoft Consulting Blog