Equifax Arrests

Classification: Unclassified

Branch/Agency: RCMP

Proposed Response:            

Background:

In September 2017, Equifax revealed that it fell victim to one of the largest data thefts on record, with names, credit card numbers, social security numbers and other information stolen by a group of criminals that have yet to be identified.

In July 2019, the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB) and various additional regulatory bodies announced that Equifax had agreed to pay up to $700 US million in fines and penalties over the massive data breach. Canadian victims are not covered by that figure.

On February 10, 2020, following a two-year investigation, the U.S Attorney General announced the indictment of four members of the Chinese People’s Liberation Army for breaking into Equifax computer systems, and for stealing the sensitive personal information of nearly half of all American citizens, in addition to Equifax’s hard-earned intellectual property.

Cybercrime is a global problem that significantly impacts the safety and economic well-being of Canadians and Canadian businesses, particularly vulnerable members of our society, such as the elderly and youth. Canadian businesses and individuals are a key target for cybercriminals because of our relative wealth and internet-dependent economy.

Budget 2018 earmarked funding for two RCMP initiatives under the Strategy: the National Cybercrime Coordination (NC3) Unit and Federal Cybercrime Enforcement.

National Cybercrime Coordination (NC3) Unit

Budget 2018 earmarked $137.5M over five years and $23.2M ongoing for the NC3, as a National Police Service.

The NC3 is mandated to enable a coordinated Canadian law enforcement response to cybercrime by:

  1. Coordinating Canadian cybercrime investigations and collaborating with international partners;
  2. Providing digital investigative advice and guidance to Canadian police;
  3. Producing actionable cybercrime intelligence for Canadian police; and,
  4. Establishing a national public reporting mechanism for Canadians and businesses to report cybercrimes to police.

The NC3 initiative will reach initial operating capability in April 2020, launch the National Cybercrime and Fraud Reporting System (NCFRS) in 2022, and reach full operating capability by March 2023.

The NC3 will work closely with the Canadian Anti-Fraud Centre (CAFC) to develop a single national cybercrime and fraud reporting mechanism––the NCFRS––while ensuring no duplication of effort. In 2017, cybercrime accounted for 31% of CAFC complaints and 53% of total dollar loss.

The National Cybercrime Solution IM/IT Project will enable the NC3 to aggregate, cross-reference, analyze, and disseminate cybercrime information.

Federal Cybercrime Enforcement

The RCMP was allocated $78.98 million over five years (2018-19 to 2022-23) and $19.76 million ongoing for cybercrime enforcement.

This initiative will consist of establishing two additional Cybercrime Investigative Teams, in Milton and Montréal; deploying Cybercrime Specialists to Federal Policing units across Canada; and, deploying two cybercrime investigators abroad.

Budget 2018 also earmarked funding for the Communications Security Establishment (CSE) to establish the Canadian Centre for Cyber Security (the Centre) as a single, unified federal government source of unique expert advice and services on cyber security operational matters, providing Canadians and businesses with a clear and trusted source for cyber security advice. CSE ‘virtually’ launched the Centre in November 2018.

Contacts:

Prepared by: Sean McGillis, A/Executive Director, Federal Policing Strategic Direction, 613-843-6866

Approved by: Mike Duheme, Deputy Commissioner Federal Policing, 613-843-6866

Date modified: