In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
|P2018-ND-132||Sep 27 2018||Ebbs, Roberts, Head & Daw Inc.|
|Summary: The organization believes a phishing attack may have been the cause of a compromise to its... [More]|
|P2018-ND-131||Sep 27 2018||LÍLLÉbaby|
|Summary: The organization had unauthorized installation of malware on its e-commerce web platform, which may... [More]|
|P2018-ND-130||Sep 27 2018||CDN Controls Ltd.|
|Summary: The organization received a telephone call from a former employee alleging that his dates of... [More]|
|P2018-ND-128||Sep 27 2018||Universal Rail Systems|
|Summary: During a routine payroll systems upgrade, a new system folder provided by a third party vendor was... [More]|
|P2018-ND-127||Sep 26 2018||Northbridge General Insurance Corporation and Federated Insurance Company of Canada|
|Summary: An employee of the organization received a phishing email from a known and trusted business partner... [More]|
|P2018-ND-126||Sep 26 2018||Quality Credit Services Limited (doing business as Quality Credit Reporting)|
|Summary: The organization was retained by the affected individuals to provide credit reports in connection... [More]|
|P2018-ND-125||Sep 26 2018||Bombas, LLC|
|Summary: The organization had malware in its third party e-commerce platform used for payment card... [More]|
|P2018-ND-124||Sep 17 2018||McAfee Ireland Ltd.|
|Summary: The organization offers a computer support service through a vendor. The organization was made... [More]|
|P2018-ND-123||Sep 17 2018||CIBC World Markets, a reported by Canadian Imperial Bank of Commerce|
|Summary: The organization learned that one of its vendors was contacted by an unknown third party using an... [More]|
|P2018-ND-122||Sep 17 2018||Alpha Industries, Inc.|
|Summary: The organization learned that its third party digital commerce platform provider had experienced an... [More]|
|P2018-ND-121||Sep 4 2018||FastHealth Corporation|
|Summary: The organization received a report from law enforcement indicating that an unauthorized third party... [More]|
|P2018-ND-120||Sep 4 2018||Feld Entertainment, Inc.|
|Summary: The organization identified suspicious email activity related to a phishing email sent to certain... [More]|
|P2018-ND-119||Sep 4 2018||Sun Life Assurance Company of Canada|
|Summary: An advisor with the organization left a bag containing 12 insurance contracts in a locked car at... [More]|
|P2018-ND-118||Sep 4 2018||Envision Property Management Ltd.|
|Summary: Thieves broke in to the group mailbox at a residential condominium property the organization... [More]|
|P2018-ND-117||Aug 13 2018||Rail Europe SAS (France)|
|Summary: The organization found that an attacker was able to gain access to the organization's front-end web... [More]|
Copyright 2018 OIPC. All rights reserved.