Hacker News
by matbilodeau 1046 days ago
Translation / TLDR

Former HR employee (compensation) exfiltrated data to their personal email address. Data included first and last name, SIN numbers of ministry employees. No evidence of wrongdoing yet but it raises questions of gross incompetence coming from the ministry in charge of preventing data loss.


I worked for a company with a few thousand employees.

HR had laptops with employee data on it stolen 3 times in two years. Each time they had left the laptop in their car after work when they went out to eat.

That, among other things, is my long sad experience with HR.

It’s always some rando in a department / job where the rules don’t matter it seems.

I believe HR is commonly targeted by attackers, precisely because they have access to sensitive personal information on their employees. I used to work at a company where a high-level HR employee received an email purporting to be from the CEO, asking for a list of all employees and SSNs. Rather than asking critical questions about this request, they simply collected the requested information into a spreadsheet and emailed it to the attacker. Presumably all of our information was subsequently sold to identity thieves.

Seems more likely that it was just a random laptop theft rather than a targeted SSN capture.

Let me guess, also a non-encrypted disk?

It is the old fashioned 'who guards the guards'. Eventually, someone does have access to all sorts of 'not good' things. Here, it is only surprising that it was HR.

Once we had a system that allowed notifications on employee changes, and an admin who ticked a fun box that resulted in everybody with an email on their employee profile getting notified in plaintext on SSN changes with before and after values.

Many processes on the payroll vendor's side and our company were changed after that day.

This is the Quebec government, it doesn't get any more grossly incompetent. The only question is what took so long.

Please keep regional flamewar off HN.

https://news.ycombinator.com/newsguidelines.html

I think that that comment is being misinterpreted.

It doesn't seem to me to be an attempt at inciting a "regional flamewar".

The sentiment it describes is quite strongly held by people from and in that region, especially by those who've unfortunately experienced it first-hand for themselves.

That's a reasonable point, but most people (or at least many people) in $region are going to interpret such a comment as a regional attack even if it wasn't intended that way. Most people's identity has something to do with where they live.

> it doesn't get any more grossly incompetent

Unless you are referring to tech in particular, that seems very harsh. The ministry of digital transformation is a shitshow, but the government itself has not done anything that would warrant the label "grossly incompetent".

I beg to disagree. It's hard to imagine handling the education and health portfolios worse than this provincial government has.

Quebec has the best life expectancy in the Americas. Its PISA scores are above the Canadian average, which is itself close to best in the whole world.

It's easy to imagine for those who've lived in provinces under an NDP government.

Um, healthcare, infrastructure... being completely absorbed in racism and anti-Anglo hysteria, the GP comment is too nice if anything.

The QC government isn't the worst, but their prospects have been scary for someone like me.

I'd rather not be a second class citizen for being raised with the "wrong language".

Obviously you're not a taxpayer here.