A shocking revelation has emerged from Canada’s privacy watchdog: the Royal Canadian Mounted Police (RCMP) lost a memory stick containing highly sensitive personal information, and criminals were caught trying to sell it.

The Office of the Privacy Commissioner of Canada (OPC) recently released a report detailing the incident, which the RCMP initially reported in March 2022. The investigation uncovered a significant breach affecting 1,741 individuals. This alarming data leak included personal details of victims, witnesses, complainants, subjects of police investigations, and crucially, informants. Even RCMP personnel and civilian staff were affected.

The OPC report highlights a critical security failure. The unencrypted USB drive, containing a trove of sensitive data, lacked even basic password protection. The report states that while some documents on the device were password-protected, the device itself was completely vulnerable. This raises serious questions about the RCMP’s data security protocols and practices.

The attempted sale of this compromised data underscores the significant risks associated with inadequate data protection measures. The incident serves as a stark reminder of the potential consequences of negligence in handling sensitive information within law enforcement agencies. The OPC’s findings have initiated a thorough review of RCMP security practices to prevent similar breaches in the future. The details of the individuals involved, and the methods used to attempt the sale of the data, remain undisclosed, further highlighting the complexity and gravity of this breach.