On october 25, 2013, peoples trust company notified about 12,000 to 13,000 individuals of a risk of identity theft due to unauthorized access to a database used to collect their online application information on peoples trust company website peoples trust has arranged for a flag to be placed on your credit file which will alert companies accessing your credit information that your data may have been compromised and that lenders should take additional steps to verify your identity before transacting further. The notation will stay on your credit file for a period of 6 years unless you choose to have it removed. In march tried to open online a checking account with td. Application rejected – no reason given. After hours on the phone i was told that the credit check was unsuccessful and asked to go in a branch with proof of employment, utility bills and two pieces of id. I got the account after i provided all the documents. In june i tried to get online a credit card with scotia bank. Identical experience. Got the credit card. – in october, two weeks ago, i tried to open a brokerage account online. It is an online only brokerage – no brick-and-mortar locations. Application rejected – no reason given. After endless calls i was told today that my identity check failed as they pull an equifax credit report in order to do that and they couldn’t do it. The only way they would accept to open my account would be to have my identity validated by a commissioner of oaths, lawyer or public notary. Called a lawyer – & 036;400 for me and my wife. Third party hackers exploited known vulnerabilities in a web editor used to design and manage an older version of the people’s trust web portal. The people’s trust web portal had been recently redesigned by a third party contractor. The contractor used a new web editor and did not remove the old web editor that had been left there by the previous design team. The old web editor had not been used in years and the organization was unaware that it was there, so the threat was neither evaluated nor managed. Duplicate, unencrypted versions of sensitive personal information were permanently stored on the web server going back as far as 2007. People’s trust had not carried out any vulnerability scans since the original design of the web site in 2005. People’s trust did not have adequate security policies at the time of the breach. The federal privacy commission found that the combined impact of the problems noted above meant that people’s trust had violated pipeda principles requiring them to implement adequate organizational policies and training to ensure protection of personal information; had failed to establish and implement appropriate guidelines establishing appropriate retention periods; failed to delete personal information when no longer required and failed to implement adequate security.