A computer theft that occurred last week could compromise the sensitive information of 10,000 current and former employees of the CHU de Québec Research Center. The organization specifies that two arrests have already taken place in connection with this case.
“This theft took place on the night of June 5 to 6. The next day, we noticed it, ”says Jean-Thomas Grantham, deputy CEO at the CHU de Québec.
A 40-year-old woman, Marie-Eve Béliveau, and a 32-year-old man, Anthony Roy, appeared Wednesday morning at the Quebec courthouse. Charges of theft and receiving are added to their already extensive criminal record.
Despite their arrest, the National Capital Police are continuing their investigation. Spokesperson Sandra Dion specifies that a search carried out in the Beaupré sector, on the outskirts of Quebec, had made it possible to recover computer equipment.
“We cannot assume, adds the CHU by press release, that the information it contained has not been transferred into the hands of third parties. »
Grantham said the two alleged criminals circumvented “several security protocols” to get to the stolen equipment. He specifies that the organization intends “to learn” lessons “from this break-in, which occurred in “the most important French-speaking research center in North America”, according to the CHU of Quebec.
The CHU says the theft has not compromised any ongoing research.
Every employee contacted
The organization agrees to contact each employee affected by this breach of confidentiality. It is “very likely”, according to the organization, that the data of all people who worked at the CHU de Québec Research Center between March 1, 1994 and May 14 are found in the stolen computers. “This includes, in particular, salaried staff members, doctors, residents, students and researchers,” adds the organization.
Among the data that may have been stolen are the name, date of birth, social insurance number, address, employment contract, curriculum vitae or passport number of employees. Their check specimen and tax form could also be compromised.
“No personal information concerning the patients of the CHU de Québec-Université Laval or the participants in the research projects of the CHU Research Center was there,” assures the organization, which oversees five hospital centers in Quebec.
For the moment, there is no indication that the content of the computers has been used or shared for fraudulent or malicious purposes, continues the CHU. “We have no reason to believe that this theft specifically targeted the sensitive data in question. »