Cybersecurity Incident
This page provides information for members impacted by the recent cybersecurity incident for members of the ACAW Trust Funds Pension Plan or Health & Wellness Plan.
Update February 28, 2024
As previously shared, on November 8, 2023, ACAW Trust Funds became aware that an unauthorized third party accessed a portion of its IT infrastructure and confidential member information.
Despite this data breach, the ACAW Trust Fund pension plan and health and wellness plan and its funds remain secure and not at risk.
Since the breach, ACAW Trust Funds has actively adopted new internal protocols to minimize the risk of this type of incident
We are committed to safeguarding our systems and member data through implementing proactive measures. These include enhancing access controls, and security protocols and implementing additional monitoring technologies and procedures.
To achieve end-to-end protection within our system, we have taken several crucial steps:
Anti-Virus Measures: We have upgraded to a new single-solution that detects and responds to potential breaches, ransomware, and cyber attacks
Enhanced Backup Systems: Data backups now have improved redundancy and security measures to prevent unauthorized access and ensure data integrity
Upgraded Microsoft Solutions: We are migrating to newer Microsoft services that provide the latest security enhancements and features
Improved Network Security: New network hardware has been installed that provides cutting-edge security and better monitoring capabilities
The ACAW Trust Funds team is working hard to continue to provide you with peace of mind, and we are committed to maintaining the highest levels of customer service, security, and fraud protection.
If you have any further questions or inquiries, please get in touch with us by calling our toll-free support line at 1-855-860-8764, as well as a dedicated email address - cybersupport@acawtrustfunds.ca
Board of Trustees
ACAW Trust Funds
Update December 15, 2023
We first want to apologize for any inconvenience or frustration this has caused. We recognize the importance of protecting a member’s confidential information and are working diligently to minimize any future risk of unauthorized access.
We would like to provide you with an update on what ACAW Trust Funds is doing internally to address this issue. We confirm that to date, we have:
Notified the appropriate authorities and regulated bodies about the cyber incident.
Launched a website with information, a dedicated toll-free phone line and email address to answer concerns or questions.
Partnered with Equifax to offer members a two-year complimentary credit monitoring subscription.
We are also working to improve and adopt further rigor in internal digital and cyber security practices. To support this work, we have engaged with an IT service to help identify recommendations and policies. We will complete this process over the coming weeks.
In the meantime, we recommend activating your Equifax registration using the code previously provided if you have not already done so. www.equifax.ca/activate
ACAW Trust Funds will provide a further update in the new year, outlining the new policies and practices we are adopting to better protect membership information. If you have any questions, please contact us at 1-855-860-8764 or cybersupport@acawtrustfunds.ca.
Best regards,
Cyber Support Team
Letter to Members November 29, 2023
On November 8, 2023, ACAW Trust Funds became aware that an unauthorized third party accessed a portion of its IT infrastructure and confidential member information. Upon discovery, immediate countermeasures were deployed to secure the network and prevent further data from being accessed. Our external IT support company has been engaged to assist with containment and remediation and to conduct an extensive investigation into the nature and extent of this incident.
We know that our membership trusts us to protect their personal information from this type of event, and unfortunately, even with industry-standard measures in place, we discovered that confidential member information was accessed. We recognize that this may cause stress and frustration with membership. We take member privacy very seriously and continue to work diligently to adopt further security practices and protocols.
Potentially accessed member information includes passports, drivers’ licenses, social insurance numbers, date of birth, address, email, banking information, medical records and beneficiary information. Those whose personal data was impacted will be contacted and offered complimentary credit monitoring.
ACAW Trust Funds has reported the incident to the Information and Privacy Commissioners of Alberta and British Columbia and have been working with local law enforcement. The investigation into the incident remains ongoing, and further measures will be taken if deemed appropriate.
WHAT WE ARE DOING
We are completing an internal investigation and working with the Office of the Information and Privacy Commissioner in Alberta and British Columbia to ensure proper processes are followed.
In addition to informing the appropriate privacy commissioners, our IT provider has added additional layers of security to safeguard the system and will be working to identify any other ways we can enhance our digital security.
To help ensure that your information is not misused, ACAW will cover the cost for you to receive credit monitoring for two years. To receive this credit protection service, we have contracted the services of Equifax Credit Bureau. Please contact us at our dedicated toll-free support line at 1-855-860-8764 or dedicated email address at cybersupport@acawtrustfunds.ca to receive a unique activation code for this service.
WHAT YOU CAN DO
Activate your complimentary credit monitoring using the letter sent out to membership. We encourage you to take advantage of this service and help protect your identity. Immediately report any suspicious activity to the credit bureau.
Remain vigilant – In addition to enrolling in your complimentary credit monitoring service, we encourage you to remain vigilant regarding threats of identity theft or fraud by engaging in the following best practices:
If you receive emails, telephone calls or text messages asking for your financial or any other personal information you were not expecting, particularly if they purport to be from ACAW Trust Funds, please consider such communications fraudulent and contact us immediately to verify their authenticity.
Monitor your bank accounts and credit history to guard against unauthorized transactions or activity. If you have any doubts or notice any suspicious or potentially fraudulent activity on your credit or debit card, we recommend you contact your financial institution and report the incident to local law enforcement immediately.
Change online passwords for your financial and other sensitive accounts regularly and make sure they are secure.
Never respond to unsolicited requests for your financial information, and be careful when sharing your personal information unsolicited, whether by phone, email or on a website.
Avoid clicking on links or downloading attachments in suspicious emails.
Thank you in advance for your support as we work through this incident. We apologize for any inconvenience this has caused our membership.
Sincerely,
Board of Trustees
ACAW Trust Funds
Additional Information
The following website offers additional tips and resources to help you protect your identity: https://www.priv.gc.ca/en/privacy-topics/identities/identity-theft/guide_idt/.
The following website offers information on how to access your credit score: https://www.canada.ca/en/financial-consumer-agency/services/credit-reports-score/order-credit-report.html
Finally, you are entitled to ask the Information and Privacy Commissioner of Alberta or the Information and Privacy Commission of British Columbia (dependent on provincial residence) to investigate this incident should you wish to do so. You can contact the IPC at:
Office of the Information and Privacy Commissioner (Calgary)
Suite 2460, 801 6 Avenue SW
Calgary, AB 2P 3W2
(403) 297-2728
Office of the Information and Privacy Commissioner (Edmonton)
#410, 9925 - 109 Street NW
Edmonton, AB T5K 2J8
(780) 422-6860
Office of the Information and Privacy Commissioner (British Columbia)
4th Floor, 947 Fort Street,
Victoria BC V8V 3K3
(250) 387-5629
We apologize for any inconvenience or concern this incident may cause you. Thank you for your patience and understanding. For more information, read the ACAW Trust Fund Cybersecurity Incident FAQs below.
Frequently Asked Questions
-
Please call 1-800-465-7166 for enrollment assistance.
-
On November 8, 2023, ACAW Trust Funds became aware that an unauthorized third party gained access to a portion of its IT infrastructure and accessed confidential member information. ACAW Trust Funds confirmed that the cyberattack occurred on October 23, 2023.
-
Our IT systems adhere to industry standards when it comes to protecting the confidential information of our members. This incident occurred because an ACAW Trust Fund employee clicked on a link within a ransomware email, which caused our systems to become infiltrated by an unknown third party. The employee was not aware that this email contained ransomware.
We have been working with the Edmonton Police Services Cyber Crimes Unit, which works in conjunction with the RCMP. We are continuing to inspect our systems and identify what happened to allow external access to the system. We will be updating members accordingly once relevant information becomes available.
In the meantime, we are implementing additional security measures to prevent this type of incident from occurring again in the future.
-
At this time, we cannot confirm exactly what information has been breached. We believe they may have accessed personal identification documents and certificates including, passports, drivers’ licenses, birth/death/marriage/divorce/adoption & guardianship papers or certificates, social insurance number, date of birth, address, email, beneficiary information, medical records, and potentially bank account numbers (applicable to members that receive direct deposit from ACAW Trust Funds). Accessed information varies per member and cannot be confirmed at this time.
-
We are working closely with our IT service provider to identify opportunities to bolster our existing IT infrastructure, including updating internal security measures and protocols. While we were already operating with industry-standard processes, we are adopting whatever additional measures possible to protect our member’s confidential information.
We are also working with law enforcement and applicable privacy regulatory bodies in Alberta and British Columbia to conduct a fulsome investigation.
-
To help ensure that this information is not misused, ACAW Trust Funds is covering the cost for you to receive credit monitoring for two years. To receive this credit protection service, we have contracted the services of Equifax Credit Bureau. Impacted members received activation information for this service. Questions about how to use this service can be directed to Equifax Credit Bureau.
Additionally, we’re encouraging members to change online passwords for their financial and other sensitive accounts regularly and make sure they are secure. Never respond to unsolicited requests for your financial information, and be careful when sharing your personal information unsolicited, whether by phone, email or on a website. Avoid clicking on links or downloading attachments in suspicious emails.
-
You can call Equifax directly at 1-800-465-7166 to activate the complimentary Equifax credit monitoring that is available to impacted members. Please note you will need an email address to complete registration.
-
If you have any doubts or notice any suspicious or potentially fraudulent activity on your credit or debit card, we recommend you contact your financial institution and report the incident to local law enforcement immediately.
Likewise, if you receive emails, telephone calls or text messages asking for your financial or any other personal information you were not expecting, particularly if they purport to be from ACAW Trust Funds, please consider such communications fraudulent and contact us immediately to verify their authenticity.