Hi, Just want to say thank you for your informative programming.....loved your show this evening, concerning internet hackers, we all need to realize how serious this is...keep up the good work!! Posted by: mary | Mar 7, 07 07:00 PM

In regards to checking your credit report. I looked at one site and they needed your name, address, SIN etc. Would would stop a hacker from gaining information this way? We have to wonder if anything is safe from hackers. Posted by: Patti | Mar 7, 07 07:01 PM

I received a new credit card in the mail yesterday telling me my card information may have been exposed .This is very scary to me and I don't like it one bit . What information is out there about me even if I do have a new credit card and why wasn't I informed by Winner's the minute they found out this had happened ? Posted by: karen | Mar 7, 07 07:02 PM

I recently went with a return at a dept store in Carbonear NL. They would not do a return without my drivers licence.And i obliged.They also retained my information on their computer.Can they legally do this and should they have given me my refund without this information.And should i demand that my information be taken off their computer? Thank you Brian V. Butt Posted by: Brian V. Butt | Mar 7, 07 07:04 PM

If some stores, as you demonstrated, were able to block your hacker, then why not all stores? Your segment highlighted the issue of stores being compelled to reveal security breaks, and whether or not legislation should be introduced to mandate that. You also highlighted the absence of expense/willingness on the part of retailers to protect consumer information. If a car owner can be required to meet a standard of safety through vehicle inspections, then why can't businesses, especially large ones, be obligated to meet some form of standard when it comes to protecting the information that they are so willing to acquire from their customers? And as always it seems it would be seniors, many of whom are justifiably intimidated by the intricacies of cyberdom, who would be least able (knowledge-able)to protect themselves. Posted by: n barnett | Mar 7, 07 07:24 PM

Wendy MEsley's story tonight about identity theft really scared me,even though I know it is the reality of our time. I am wondering how dangerous it is to enter contests even if the contest is generated by an apparently reliable source, for example ATV is currently running a contest for $15000 of furniture,but they ask for the entrant's name,address,age (why?) telephone number and e-mail address. If you happen to reply to this question on the air,please do not use my name,(use a fictitious one) Posted by: Phyllis MacDonald | Mar 7, 07 07:43 PM

Thank you for another week of bringing to the fore front another heads up perspective. Philip N2T...we'll, maybe not! Posted by: Phil | Mar 7, 07 07:52 PM

Excellent show. I don't accept the excuse that we as consumers will not appreciate disclosure from any breaches in a company's security. I would like to tell you that it is important that Canada make companies accountable for not protecting our information. thanks mp Posted by: mp | Mar 7, 07 08:04 PM

Great informative show!!! More of those please. I'm appalled that this is going on and that the merchants, banks, etc. are so lax with our personal information. It was mentioned that if the merchants had to report a breach everytime it would give the consumer breach fatigue. Quite the contrary. It would show me that that business is not concerned about me the consumer, his bread giver. I would do the same and not concern myself with him and shop elsewhere. Probably using cash!!! It always seems that it's the consumer that has to bear the consequences of their cavalier attitude in safegarding our personal and private information. How can the public force our federal government to enact some legislation forcing disclosure by the merchants whenever a breach occurs. Posted by: Michel Ménard | Mar 7, 07 08:17 PM

It would seem that rather than working themselves to improve consumer security, Canada's banks are in league with the hackers. I was contacted just this week by a telemarketer, who was trying to get me to buy special insurance that would "protect me from fraud" if my credit card or debit cards were ever lost or stolen. Why would this company be selling such a product when they know full well that the consumers are already not responsible to repay fraudulent charges? They almost make the hackers look respectable! Posted by: T. Longpre | Mar 7, 07 08:24 PM

i thought it was a great ode of getting people aware of distractions while driving. Posted by: ahsan irfan | Mar 7, 07 08:45 PM

Excellent program! Every single week I learn something informative that is formal. Then I send my thoughts and the URL to to others. Technology is wonderful since I can watch the full episode while at school in the evening. This show is perfect! Martin Posted by: Martin C. | Mar 7, 07 09:33 PM

Wendy Mesley's story "Can You Hack It?" really made me think. I don't use credit cards and try to be careful with my personal information. I recently gave all of my personal information to a government agency. Now they are telling me that a direct deposit was made to my bank account - except that it didn't show up in my account. Even though I got a printout of my account activity from my bank (of 20 years), and it clearly shows that there was no deposit made, the government agency insists that there was a deposit to my account - but there wasn't in fact - only on their paper saying there was!!! How many government data bases are hacked into? Do they take any security measures? I wish I knew. Incidentally this was in Edmonton Alberta where they just started issuing benefits through debit cards and direct deposit. I am willing to be responsible - but not for money I never got! Sincerely, Donna Posted by: Donna Hayward | Mar 7, 07 10:42 PM

I am a signing officer with a non-profit organisation in Tor. I have to sign a signature card with a major Cdn. bank with which I do not have a banking relationship. they want to have personal info plus my ID. I don't have a problem with the ID, but why is it necessary for them to have all my personal info? after seeing your story on hackers, now I am really wondering if i have to. Posted by: wanda | Mar 7, 07 10:55 PM

The report driven to distraction was very informative, however I noticed the constable you rode with also has a laptop in his car plus a cell phone I am sure does he use them while driving. I have lost count the number of times I have seen city police gawking at the computer in their cars or talking on their cell phones all while driving. This is a serious safety issue for all of us especially considering the density of traffic especially in urban areas, the use of any of these devices should be forbidden except when parked. Posted by: Robert Bell | Mar 7, 07 11:51 PM

Hey Wendy - Another great show! I hate when retailers ask for my personal information when doing a return. So what do I do you may ask when I have to return something? It is all fake! Fake phone number, fake address, fake name, fake postal code and fake everything! Sometimes I will tell them I am from out of the country and that I will not be returning again so why would you need it and they say, yeah you're right. This might not even be my real name and e-mail address because can you trust the CBC to make sure my information is safe? See you next week! Cheers, Michael Posted by: JB | Mar 8, 07 01:33 AM

I never really even understood why companies ask for your information. What do they do with it? Why would Canadian Tire need my driver's license? Are they going to check my driving record when I buy some wiper blades? I think that companies should at least be obligated to tell you what it's for, if they ask at all. Posted by: Amber | Mar 8, 07 01:35 AM

Something you said on the show last night raised my neck hairs: the more hacking there is the more business there is for the anti-hackers. Remember the case in the US of the anti-virus software company that was alleged to have produced viruses as well? Posted by: David Langer | Mar 8, 07 08:30 AM

Hotels keep your credit card number on their computer for years to make it easier supposedly to reserve another time. I doubt many of these have secure systems, especially smaller hotels, or motels etc. Posted by: Ken from Vancouver | Mar 8, 07 09:11 AM

Wendy, thanks for showing how a hacker can gain access to data held by a business. It is scarry how easy it was with equipment readily available. I want to see business's held accountable and our governments tackle this important issue to make this criminal uncommon. I think you should follow up on this with government officials. Signed, Norman Dorff Posted by: Norman Dorff | Mar 8, 07 01:38 PM

I would be curious to know how well our national flag carrier airline safeguards the information that I and other Canadians entrust it to when I make my travel arrangements and pay online with a credit card because the airline wants to lay off all of its call centre staff to cut costs. I myself prefer to deal with people and not to give out credit card information over the computer but our national carrier seems to have other ideas in mind. Got to hate technology. Posted by: Martin | Mar 8, 07 02:34 PM

Retailers ask for a driver's licence from people who return an item without a receipt to track whether they are fraudsters themselves who are returning stolen goods. If there is a receipt, then a driver's licence should not be asked for. I give my work number to retailers when they ask - go ahead and call me at work - and then you will find out where I work and probably never call me ever again. Posted by: S. Spence | Mar 8, 07 03:38 PM

One thing that this did not touch on was be careful with where you put your information online. I am a white hat, and for a demonstration I captured information inside a hotel. Someone in the hotel filled out a form on one of the sites "Get paid to take surveys online". I captured all this information. While it wasn't a credit card, it was a full name, a full address with postal code, birth date, username, password, marital status, ethnic origin, and a few other bits of information. While this isn't a credit card or SIN number, I think of this as quite serious. To protect yourself, DONT put information on the internet unless its HTTPS, otherwise assume that someone is watching you. Would you want to shout your name, address, etc in a crowd of people? Then don't "shout" it on the internet by filling out a web form. -Anonymous Coward Posted by: AC | Mar 8, 07 06:43 PM

Another great show, however the driven to distraction piece was a little hipacritical. How many seconds was the police officer's eyes off the road while he was motioning to other driver about talking on his cell phone, which if I'm not mistaken isn't illegal in Ontario. Posted by: G. Peterbaugh | Mar 8, 07 09:36 PM

Another great program Wendy. One of your suggestions was to check your credit regularly. When I tried, all online credit history services ask for all of your info including your credit card number. Is there a secure way of getting this information without having to give all this information out? I believe banks should start offering credit check information as a bonus service which would save us and them millions if fraud was caught early. At least by having banks offer this there would be a filter of sorts as most have relationships with their clients. Posted by: Jose Paulo | Mar 8, 07 10:24 PM

Recently I had my credit card company call and ask me to cut up my card, ask me a series of questions and finally tell me they suspect fraudulence on my card. They sent me a new card with a new number. They would not disclose the source of their suspicions, they wouldnt give me any more information, I am thus unable to know who or where my card had been compimised. I believe they should have told me where they thought the breach happened so I would not use my card there or at least so I can learn for future instances how to protect myself. Posted by: L Paulo | Mar 8, 07 10:39 PM

It just proves that we are better off without credit cards. Cash is king! Posted by: Ted | Mar 9, 07 12:13 AM

Is this really something that warrants generating any excitement? People tell other people their credit cards numbers all the time to order services, food, hotels, flights, etc. Credit card receipts spend time on a table in restaurants. Seems to me a criminal would be much easier off taking credit card numbers from callers ordering pizzas. Surely there are many more avenues for abuse that are taken advantage of far more often than computer 'hacking'. Posted by: Todd | Mar 9, 07 04:18 AM

I find it amazing how people can be scared at the drop of a hat. I understand there is concerns about privacy, and a breach is a terrible thing. But there are few facts that one should keep in mind looking at this article. 1) If your credit card is comprised, the company (visa, m/c, etc..) is liable, not you. This has always been the way... 2) If they have your number via the magstripe, they don't have everything. The 3/4 digit code on the back of the card is not on recorded on the stripe. Known as CCV2 code. 3) Introduction of Chip cards in 2009(?) will address a lot this fraud. 4) NEVER give out your SIN, except to the gov't, your employer and the bank you go to. No one else needs it. 5) Phone number? who cares. I can look up phone numbers on the internet. It has no more weight than your name. 5) Hacking onto people's internet connections (Wifi) is a big problem. But it's us, the consumer that have to lock our own doors. It does not take more than 15-20 to lock you home router and lockout digbats that park out side your door and surf. 6) The biggest tip. COMMON SENSE! Stores like Canadian Tire, Winners, etc.. are not out screw you. They are out to make a buck like the rest of us. They make mistakes like you and I do all the time. No one is perfect. Just relax, and keep your eyes, ears open. Lastly, if you are worried about your credit cards being stolen, then cut them up. But you say you need it for the convenience. That's the challenge isn't. There are many a tool out there today that can fix all these problems, but they will make your life more difficult, and most don't want to loose the convenience. PIN's, FOB's, CHIP's, even biometrics will all add security but will also complicate your life. Do you really need another hassle in your life? Posted by: Rob | Mar 9, 07 10:06 AM

I received a new credit card from my back with the explanation that since my card may have been compromised after the hacking incident at Winners they are taking "precautions". In other words the corporations STILL don't want to disclose the full truth to their consumers. I won't be shopping at Winners anymore & I don't think I'll be using my credit card online anymore either. Posted by: Mary | Mar 9, 07 11:07 AM

It occurred to me that the banks, or credit card companies could set up an internet service offering the option of listing the places you usually shop and restricting the card's usage to those locations. Or as a second option, allow purchases at multiple locations but have a pop up detailing new places you've shopped this week/month and asking you if you want to add this store to your list. My email does it to me all the time for addresses. Posted by: Sharon | Mar 9, 07 11:31 AM

The white hat hacker showed how easy it is to connect to unsecured wireless networks. That's all. I can do that to any number of networks in my own building. It has nothing to do with hacking department stores and getting credit card numbers. All it does is obscure your identify when you get caught in the act. Also, finding "unsecured ports" isn't an indication that you can hack that computer, and even if you do find a true hackable port this doesn't mean there will magically be a database with credit card numbers waiting for you. This is simply fearmongering - just like the over-hyped news stories you get on your local news at 6. I'd be more concerned about bank employees losing laptops, or rogue employees than so-called two-bit "google" hackers (as your white-hat described them). Posted by: Bruce | Mar 9, 07 05:17 PM

i think the companies should inform only the infected names or accounts within 30 days of finding out about the breach. the companies should get 30 days to track and test the info that they recieved,,, i would want to know asap if my info was breached!!! and i found out that when i was in asia my card was used for fraud and i complained as soon as i got the statement,, i would like to know what action is taken when a person is cought doing fruadulant perchuses,,, even if it is done overseas... thanks for letting me vent; BARRIE Posted by: barrie | Mar 10, 07 04:07 PM

Nice report, but we would have preferred that CBC credited the website that posts publicly announced personal data breaches as attrition.org instead of just saying "a website that keeps a running tally". We also provide a subscription-only email list and database of these events. Lyger (attrition.org staff) Posted by: Lyger | Mar 10, 07 04:17 PM

I found it very interesting this past Thursday when I noticed a "Full" Section in the Toronto Star that was actually titled "IDENTITY THEFT". Most of us have already learned about the fraululent activity that was going on when making purchases at the Homesense and Winners stores when using "plastic money". Well the same thing happened to me in 2003 when supporting children overseas thru the Foster Parents Plan Organization. I only learned this within the past week when I read the article in the Toronto Star. One of the articles in the Toronto Star proclaims that at least $291 Million Dollars are lost every year using "plastic" dollars. Posted by: Andy McC. | Mar 10, 07 05:25 PM

Canadian working for USA Health Management Org. We are federally mandated to protect member PPI (Personal and Private Information). Our company president is liable if we fail. hppts means secure site. MarketPlace(MP) should ask if this string can be 'spoofed'. MP should have asked Info Tech Council interviewee why they don't sue the wifi companies because they implemented unencrypted technology on the world. They are the tech 'mouthpiece' of Canadian Big Business apparently and have the bucks. MP should ask Federal Privacy Office same question. MP should have asked that if a Canadian company is owned by a USA one - is the USA security notification requirement in affect? After all, the USA , under the Patriot Act, can get at our Canadian data that way. CVV2 or 3 digit code. Still open in my mind. Todd says it is not on black strip. Hacker chat session text shows this stuff is for sale. Not clear if Hacker got the CCv2 through the wifi or maybe they spoof(lie) to themselves as well. Would love to volunteer on any follow up program and ask company rep for there Data Security official if they refuse to complete a transaction because I only give name, rank and serial number. Good program. The Americans are so ignorant - nothing even close to CBC. Posted by: John Rowell | Mar 10, 07 05:27 PM

I found it very interesting this past Thursday when I noticed a "Full" Section in the Toronto Star that was actually titled "IDENTITY THEFT". Most of us have already learned about the fraululent activity that was going on when making purchases at the Homesense and Winners stores when using "plastic money". Well the same thing happened to me in 2003 when supporting children overseas thru the Foster Parents Plan Organization. I only learned this within the past week when I read the article in the Toronto Star. One of the articles in the Toronto Star proclaims that at least $291 Million Dollars are lost every year using "plastic" dollars. Posted by: Andy | Mar 10, 07 05:28 PM

Thanks for the web Quiz. It was an insight and i learned a few things that i should have already known. I have never hear you mention computer security systems available in the marketplace for use by an average keyboard fanatic such as myself.eg.Norton security or windows defender. I've always thought that either of these and good old common sense would do the protecting i need for me.What's your thought on this. Posted by: Harry Beens | Mar 10, 07 08:10 PM

While I agree that virus software should be used, I disagree with your suggestions to use Mcafee or Norton. Because of the huge market share those two have, many virus/spyware authors will write their code to ensure that it CAN get past those two, ensuring that their code can infect the lion's share of computers. I would recommend, instead, that people do a bit of research and look at the other, often superior packages out there, like NOD32, or Kaspersky, or Panda. Posted by: Richard | Mar 11, 07 01:05 PM

My complaint relates to my local video retailer’s requirement for consumer drivers license information. I was very surprised last Friday when a major chain video store refused to allow me to rent me a DVD movie without me providing the store clerk my driver’s license. I agreed to provide my VIP membership card and my credit card, but expressed my concern over the security of all this information being retained on a computer at the video store. The store manager told me that their policy is to verify customer drivers license information before renting two or more DVDs. I told the manager that to protect against any credit risk all they needed was my signature on the rental slip and my bank’s on-line credit card transaction approval response number. However he refused to proceed with the sale. I left the store empty handed, vowing never to return. We all know about the risks consumers face from fraudulent transactions performed with counterfeit copies of their credit cards. My bank has assured me that I would not be liable for any fraudulent credit card purchases. What bothers me is the risk of identity theft- particularly when personal information (such as date of birth and home address) is combined with my credit card details and this information is improperly protected. Could someone advise me on this matter? What privacy rights should a consumer have in this regard? How much personal information does a retailer need for a rental transaction of this nature? Posted by: Russell | Mar 11, 07 01:54 PM

Thank you for the informative piece on information hackers. I was looking into how to have a credit check done, and it seems it is all online. Is there any other way via snail mail or phone? Posted by: Nina Vieira | Mar 11, 07 05:15 PM

I am still waiting for comments from anyone else that noticed the article section in the Toronto Star last Thursday concerning "IDENTITY THEFT". This also includes you folks at the CBC. Did nobody read it? Posted by: Andy McCleery | Mar 13, 07 04:37 PM

Sorry to say but this is a joke. Any major corporation would not use wireless security within their office LAN. This is s a scare tactic to make a story. No way a hacker could hack into a server easily if they are on a LAN and it was configured correctly. Also, the security expert in this Video uses Windows. All he is doing is login into a default access point with no security enabled. If he was a real hacker, he would be using Linux to do this. I can do this pretty easily with Linux, but not in Windows. I cant stand people that think they are that but use Windows. Windows is a joke. Why not learn how to use a real operation system like Linux or BSD. Posted by: Shawn Rapaz | Mar 15, 07 02:02 AM

I went into a bank in downtown Toronto to get the Olympic coins. I had a toonie to exchange for 8 quarters and they asked for my drivers licence. I was livid and refused. They said it was just in case. JUST IN CASE WHAT?? Posted by: Susan | Mar 16, 07 09:47 AM

TheStar.com-Special Sections-Identity Theft. Folks, please go to this web-site and do reading. Posted by: Andy | Mar 19, 07 05:31 PM

Last I checked it was not illegal in Canada to use an alias as long as it was not for a criminal purpose. Maybe its time to develop an alter ego. Create an 'alias' and use that 'person' for all your online/financial transactions. Hmmmmm Posted by: Moshu | Mar 27, 07 09:35 AM

I am a victim of identity theft and 3 years later I still have to keep warning flags up on all and any credit card or bank transactions. Its a pain to have to prove who I am now because of this but I yearly tell Trans Canada and Equifax to flag my Name, Sin and any transactions for verifications because now that my information has been sold and is floating around out there it can come back at any time and haunt me again! Posted by: Tony | Apr 17, 07 10:24 PM

The segment driven to distraction was very interesting. I particularly liked your list of top distractions. It is curious because it brings awareness to the need to keep attention on the road because people are putting others lives at risk when they get distracted. I have a friend who suffered a rather severe brain injury when she was seven because someone wasn't paying attention when they were driving. She faces a lot of challenges in life from what kind of job she can take to social stigmas. I found the number one distraction on the list quite curious, because there's a two way tug-a-war between freedom of expression through signage (whether it's an individual's sign like a garage sale) or a company's sign (like an lingerie ad) and drivers and passenger's right to be safe (free from being rear ended by someone who might be reading a sign). It's horrible to think of a child dying in an accident because someone got distracted. Many boulevard signs and billboards go ignored and are just part of the landscape so they are of little interest. One trend that I'm starting to see more and more is live signage, where a person stands in the middle of a boulevard promoting an event. Sometimes that person has a distraction on them whether it be a silly costume or little clothing. While most drivers can handle this, others take the gawking too far. If one group or business can do this, then others feel they are entitled to, and not before long do we have one crowded street --what's to stop someone from staging an arguement on a boulevard to promote a new product or staging a one act play to promote a new sit-com? The traffic acts? Well, these people are armed with civil rights lawyers. Many people like me don't want to see freedom of expression limited, but neither should there be accidents caused by this and someone dying needlessly. Just a thought. Posted by: al | Jul 11, 07 11:19 PM

Driving with a dog On your Lap, is that illeagal? Because my sister in law does it all the tme with the kids in the car and i tell her she should not and she insists. she's is a 30 year old adult and she can do what ever she wants even her husband could not convince her it was dangereous. Posted by: Metka Sedlar | Jul 29, 07 12:34 PM