MuchMusic warns of security problem

MuchMusic has advised anyone who has entered one of their contests that they may receive a call from someone that isn’t offering much of a prize.

MuchMusic issued an advisory Thursday afternoon to its contest entrants, warning them that they “have reason to believe that our contest databases may have been compromised.”

The advisory continued that keeping entrants’ personal information confidential is important that MuchMusic had taken appropriate steps to ensure that all data remains private.

“However, as the Internet is not a 100% secure environment, there is the potential for your personal data to get into the wrong hands,” reads the release. “Recently, we learned that some of our contest entrants received “prank” phone calls from people pretending to be Much Music employees. We are taking these complaints very seriously and have launched an investigation.”

The memo advises contestants that if they receive a call from someone who asks them to do anything other than call the company’s contest line, they should disconnect and do number identification with *69. MuchMusic noted that it only calls winners between 9 a.m. and 7 p.m. and gives them a phone number to call to claim prizes.

MuchMusic wasn’t available for official comment on Friday, however, a representative confirmed that there had been somewhere around 15 calls from people complaining that they had received calls from someone claiming to be a MuchMusic representative.

The complaints stem back to May, but a higher volume has been recorded more recently. MuchMusic has commissioned a forensic team to find out where the breach took place and they suspect information may have been intercepted en route to Much Music. Internally, Much Music has formed a team to create a timeline of the security breach and has alerted the RCMP.

Joey Roa, an analyst from the Canadian Information Processing Society (CIPS), said security breach advisories that involve data including social insurance numbers or credit card numbers are usually considered more serious than one like this that is just contact information.

However, he said, there are still dangers involved in a hacker getting information as mundane as someone’s address.

“Identity theft is becoming more common on the Internet,” Roa said. “Each little piece of information that a hacker or would be cyber-thief can collect, it becomes easier for him to assume an identity. All this information can be used for verification purposes and that information is often readily available.”

He added that if the information on a Web site is particularly sensitive, it is wise to have third-party auditors come in and inspect the Web site security.

“I think that when you look at cybersecurity, it is a challenge, to say the least,” he said from his office in Alberta. “However, companies should be prudent, and that includes having all the security software and having it properly installed.”

Al MacKay, chair of the Media Awareness Network, said that this security breach shows that parents need to watch their childrens’ and teenagers’ Internet activity as they would watch them if they were out on the street.

“You don’t send your kids to the park by themselves, so don’t let your kids on the Internet unattended,” he said, adding that because many young people are more comfortable than their parents online, many parents believe what their children are doing is safe.

“They are at the end of the day, still kids, and they may be naive,” he said. “Parents should make it clear to kids that they shouldn’t give out any information without their parents. There is a whole level of Internet proofing rules and parents have to become involved. It is an evidence that parents think they know what their kids are doing, but they may not.”

MuchMusic in Toronto is at CIPS in Alberta is at Media Awareness Network is at