In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2019-ND-179||Nov 27 2019||Discovery Communications, LLC|
|Summary: The organization learned from a third party that certain folders stored in a cloud-based platform... [More]|
|P2019-ND-178||Nov 27 2019||Zero Technologies, LLC d/b/a Zero Water|
|Summary: The organization determined that a vulnerability existed on its website that permitted unauthorized... [More]|
|P2019-ND-177||Nov 27 2019||The Great-West Life Assurance Company|
|Summary: Due to an administrative error, a group plan member received a mailed letter addressed to him,... [More]|
|P2019-ND-176||Nov 27 2019||Conde Nast|
|Summary: An unauthorized person(s) gained access to certain systems of the organization's third party... [More]|
|P2019-ND-175||Nov 27 2019||A.T. Cross Company|
|Summary: The organization determined that information provided for purchases made on the website were... [More]|
|P2019-ND-174||Nov 26 2019||Servus Credit Union Ltd.|
|Summary: An impersonator was able to successfully access a member’s account by successfully answering... [More]|
|P2019-ND-173||Dec 11 2019||EMC Business Solutions LLP|
|Summary: The organization determined that a keylogger - a form of malware - was installed on its ecommerce... [More]|
|P2019-ND-172||Nov 26 2019||HP Restaurant Group|
|Summary: The organization determined it was possible that customer credit and debit card information for... [More]|
|P2019-ND-171||Nov 22 2019||American Rental Association|
|Summary: The organization discovered that malicious code was present on its website, which scraped certain... [More]|
|P2019-ND-170||Nov 22 2019||National Wildlife Federation|
|Summary: The organization found that a backend database hosted by a third party vendor was accessed without... [More]|
|P2019-ND-169||Nov 22 2019||Premiere Suites|
|Summary: One of the organization’s laptop computers was stolen. Despite company policy to the contrary,... [More]|
|P2019-ND-168||Nov 22 2019||T3 Micro, Inc.|
|Summary: The organization determined that it was the victim of a cyberattack that may have resulted in a... [More]|
|P2019-ND-167||Nov 20 2019||eHarmony, Inc.|
|Summary: An analyst with the organization was monitoring social media and found a video that had been... [More]|
|P2019-ND-166||Nov 20 2019||Canadian Tire Corporation|
|Summary: The organization reported that a threat actor used credentials compromised in previous breaches... [More]|
|P2019-ND-165||Nov 20 2019||Stuart Olson Inc., and its subsidiary Canem Systems Ltd.|
|Summary: The organization's IT systems and internal servers were subject to a ransomware attack. The... [More]|
Copyright 2019 OIPC. All rights reserved.