Via Rail customers get spam after security glitch; no financial info disclosed

Via Rail is contacting customers who may be getting spam messages linked to the email account they have used when corresponding with the company.

Via says it began investigating following a report from a customer on Aug. 11 that he had been receiving spam emails.

The railway says its investigation determined that a subcontractor of one of its suppliers, which conducts surveys on Via's behalf, inadvertently made some customer lists available on the internet while performing a series of tests in July.

It says the lists contained general information, such as customers' names, postal codes, email addresses and travel details for the period of Jan. 2, 2017 to March 19, 2017.

Via says it does not keep any financial information in its databases, so no such data was disclosed.

These lists have been removed from the server and Via says it has suspended its business relationship with the supplier and has advised the Office of the Privacy Commissioner of Canada and the Treasury Board of Canada Secretariat of the incident.