Loading... Please Wait
The Personal Information Protection Act requires private sector organizations to notify the Commissioner and affected individuals where there exists "a real risk of significant harm" to an individual as a result of a privacy breach.
Decisions where there was a real risk of significant harm are published. Decisions where there was no real risk of significant harm are not published.
Some decisions made under the Health Information Act are also published. The Commissioner may confirm a custodian’s decision not to notify or by order require notice to an affected individual (section 85.1(2)).
| Decision | Date | Body |
|---|---|---|
| P2021-ND-258 | Jan 31 2022 | Blue Cross Life Insurance Company of Canada |
| Summary: A third party to the organization was subject to ransomware. The incident affected approximately... [More] | ||
| P2021-ND-257 | Jan 31 2022 | Bunge Canada, c/o Bunge North America |
| Summary: The organization reported that a courier vehicle containing documents with personal information was... [More] | ||
| P2021-ND-256 | Jan 31 2022 | Canalta Real Estate Services o/a Ramada Cochrane |
| Summary: A storage shed belonging to the organization was broken into and 17 documents containing personal... [More] | ||
| P2021-ND-255 | Dec 10 2021 | The Ferrance Group |
| Summary: An employee did not place email addresses in the the BCC field. The incident affected 27... [More] | ||
| P2021-ND-254 | Dec 10 2021 | Victoria’s Secret Stores Brand Management |
| Summary: The organization was subject to a credential stuffing attack. The incident affected 28 individuals... [More] | ||
| P2021-ND-253 | Dec 10 2021 | Alberta College of Speech-Language Pathologists & Audiologists |
| Summary: Several employees of the organization were the target of an email phishing attack. Two employees... [More] | ||
| P2021-ND-252 | Dec 9 2021 | Goodfellow Inc. |
| Summary: The organization was subject to ransomware. The incident affected 1,200 individuals. | ||
| P2021-ND-251 | Dec 9 2021 | E & J Gallo Winery |
| Summary: The organization was subject to ransomware. The incident affected 19,970 individuals, including 46... [More] | ||
| P2021-ND-250 | Jan 31 2022 | Airbnb Ireland UC |
| Summary: The organization discovered a technical vulnerability involving user accounts that had been subject... [More] | ||
| P2021-ND-249 | Dec 8 2021 | Vision Credit Union Ltd. |
| Summary: The organization forwarded an email to the incorrect address. The incident affected four... [More] | ||
| P2021-ND-248 | Dec 1 2021 | American Frame Corporation |
| Summary: The organization was subject to ransomware. The incident affected 30,502 individuals, including two... [More] | ||
| P2021-ND-247 | Dec 1 2021 | Hayward Pool Products Canada, Inc. |
| Summary: A document was placed in the wrong folder, which was not secured. The incident affected... [More] | ||
| P2021-ND-246 | Dec 1 2021 | Canadian Western Financial Ltd. (Mutual Fund Dealer, subsidiary of Canadian Western Bank) |
| Summary: An email was sent to the incorrect recipient. The incident affected one individuals whose... [More] | ||
| P2021-ND-245 | Dec 1 2021 | World Financial Group Insurance Agency of Canada |
| Summary: A partially completed trade ticket was sent to the wrong email address. The incident affected one... [More] | ||
| P2021-ND-244 | Dec 1 2021 | Florinda Financial Planning Inc. |
| Summary: The organization's customers were affected by unusual activity that was transacted through a third... [More] | ||
| P2021-ND-243 | Dec 1 2021 | SkipTheDishes Restaurant Services Inc. |
| Summary: The organization believes fraudsters used information gained from unauthorized access to other... [More] | ||
| P2021-ND-242 | Nov 30 2021 | Westech Industrial Ltd. |
| Summary: Suspicious activity was detected on the organization's network. The incident affected 85... [More] | ||
| P2021-ND-241 | Nov 30 2021 | The Debriefing Academy Inc. |
| Summary: Malicious actors gained access to the organization's website server environment, which was managed... [More] | ||
| P2021-ND-240 | Nov 30 2021 | TGM Law |
| Summary: The organization's office was broken into and items containing personal information were stolen.... [More] | ||
| P2021-ND-239 | Nov 30 2021 | Forty Creek Distillery Ltd. o/a/ Campari Canada |
| Summary: The organization was subject to malware. The incident affected 148 individuals, including 15... [More] | ||
| P2021-ND-238 | Nov 23 2021 | Dillon Consulting Ltd. |
| Summary: The organization was subject to ransomware. The incident affected 1,519 individuals, including 82... [More] | ||
| P2021-ND-237 | Nov 23 2021 | Trans Union of Canada Inc. |
| Summary: The organization was subject to a credential stuffing attack. The incident affected 705 Alberta... [More] | ||
| P2021-ND-236 | Nov 23 2021 | IMI Precision Engineering d/b/a Bimba Manufacturing |
| Summary: A vendor to the organization notified the organization that one of the vendor's service providers... [More] | ||
| P2021-ND-235 | Nov 23 2021 | Calgary Meals on Wheels |
| Summary: A driver with the organization inadvertently left a clipboard with client addresses attached on top... [More] | ||
| P2021-ND-234 | Nov 22 2021 | A.K. Ross Professional Corporation |
| Summary: The organization was notified by one of its clients that a tax document from 2015 stored on the... [More] | ||
| P2021-ND-233 | Nov 22 2021 | Women Building Futures Society |
| Summary: An employee with the organization sent an email containing a student's financial information to... [More] | ||
| P2021-ND-232 | Nov 19 2021 | 2364920 Alberta LTD. o/a PORTpass Inc. |
| Summary: Administration errors led to personal information being exposed. The incident potentially affected... [More] | ||
| P2021-ND-231 | Nov 15 2021 | New Arlington Realty Inc. |
| Summary: The organization was subject to ransomware. The incident affected 20 individuals in Alberta. | ||
| P2021-ND-230 | Nov 12 2021 | La Leche League International |
| Summary: A third party service provider was subject to ransomware. The incident affected 188,000... [More] | ||
| P2021-ND-229 | Nov 12 2021 | Christian Labour Association of Canada |
| Summary: The organization was subject to ransomware. The incident affected 620 individuals, including 100... [More] | ||
| P2021-ND-228 | Nov 12 2021 | SE Canada Inc. |
| Summary: The organization was subject to ransomware. The incident affected 225,176 individuals, including... [More] | ||
| P2021-ND-227 | Nov 12 2021 | American Health Information Management Association |
| Summary: Payment card information entered in the organization's online store was compromised. The incident... [More] | ||
| P2021-ND-226 | Nov 12 2021 | College of Licensed Practical Nurses of Alberta |
| Summary: A complaint received by the organization was sent to an unintended recipient, instead of the... [More] | ||
| P2021-ND-225 | Nov 12 2021 | Employee Benefit Funds Administration Ltd. |
| Summary: The organization sent a member's pension statement to another plan member in error. The incident... [More] | ||
| P2021-ND-224 | Nov 12 2021 | Bear Creek Funeral Home |
| Summary: A package the organization sent was not received by Canada Post at distribution, and was later... [More] | ||
| P2021-ND-223 | Nov 12 2021 | Walton Global Holdings, Ltd. |
| Summary: Email accounts were compromised in a phishing account, which led to the threat actor requesting a... [More] | ||
| P2021-ND-222 | Nov 12 2021 | Anvil Corporation |
| Summary: The organization was subject to ransomware. The incident affected one Alberta resident. | ||
| P2021-ND-221 | Nov 12 2021 | Wealthsimple Inc. |
| Summary: The organization was subject to a credential stuffing attack. The incident affected 31 individuals... [More] | ||
| P2021-ND-220 | Nov 8 2021 | Syncrude Canada Ltd. |
| Summary: Improperly configured server access settings potentially exposed personal information. The incident... [More] | ||
| P2021-ND-219 | Nov 8 2021 | START Architecture Inc. |
| Summary: An employee was the victim of a phishing attack that compromised their email login credentials. The... [More] | ||
| P2021-ND-218 | Nov 8 2021 | UiPath SRL |
| Summary: Permissions for a file were misconfigured, which made it publicly available on a website. The... [More] | ||
| P2021-ND-217 | Nov 3 2021 | Calgary House of Cars 6 Inc. |
| Summary: A desktop computer and hard copies of files were stolen from the organization. The incident... [More] | ||
| P2021-ND-216 | Nov 3 2021 | Guillevin International Co. |
| Summary: The organization was subject to ransomware. The incident affected 1,500 individuals, including 125... [More] | ||
| P2021-ND-215 | Nov 3 2021 | Sonita Goehring Counselling Services Inc. |
| Summary: A student accessed a client's confidential file without authorization. The incident affected one... [More] | ||
| P2021-ND-214 | Nov 3 2021 | IPC Securities Corporation |
| Summary: An administrative error led to the wrong address being assigned to the wrong client. The incident... [More] | ||
| P2021-ND-213 | Nov 1 2021 | Wilson M. Beck Insurance (Alberta) Inc. |
| Summary: A phishing email was sent from an employee's email account. The incident affected 578 individuals. | ||
| P2021-ND-212 | Nov 1 2021 | Richardson Wealth Limited |
| Summary: A phishing email led to unauthorized access to an employee's email account. The incident affected... [More] | ||
| P2021-ND-211 | Nov 1 2021 | Fat Face Ltd. |
| Summary: There was unauthorized access to some of the organization's IT systems. The incident affected... [More] | ||
| P2021-ND-210 | Nov 1 2021 | Assured Psychology |
| Summary: Emails were sent to the wrong email address. The incident affected one individual. | ||
| P2021-ND-209 | Nov 1 2021 | Zumiez Canada Holdings Inc. |
| Summary: An unauthorized script was identified in the code of the organization's e-commerce website. The... [More] | ||
| P2021-ND-208 | Nov 1 2021 | Golf Avenue Inc. |
| Summary: A photo containing malicious keylogger code was uploaded to the organization's website. The... [More] | ||
| P2021-ND-207 | Oct 18 2021 | Southport Psychology Inc. |
| Summary: The organization mistakenly sent a completed intake package to two unintended recipients, instead... [More] | ||
| P2021-ND-206 | Oct 18 2021 | Edward Jones (an Ontario Limited Partnership) (Edward Jones Canada) |
| Summary: The organization was subject to a credential stuffing attack. The incident affected 64 individuals,... [More] | ||
| P2021-ND-205 | Oct 18 2021 | PFSL Investments (Canada) Ltd. |
| Summary: One of the organization's independent sales representatives had their office burglarized. The... [More] | ||
| P2021-ND-204 | Oct 18 2021 | Wealthsimple Financial Corp. |
| Summary: The organization was subject to a credential stuffing attack. The incident affected 23 Alberta... [More] | ||
| P2021-ND-203 | Oct 18 2021 | The Canada Life Assurance Company |
| Summary: A software update resulted in an issue where plan members were shown information about a different... [More] | ||
| P2021-ND-202 | Oct 18 2021 | Minerals Technologies Inc. |
| Summary: The organization was subject to ransomware. The incident affected 12,223 individuals, including one... [More] | ||
| P2021-ND-201 | Oct 18 2021 | Datatax Business Services Limited |
| Summary: The organization was subject to ransomware. The incident affected 6,100 individuals, including... [More] | ||
| P2021-ND-200 | Oct 18 2021 | USNR, LLC |
| Summary: There was unauthorized access to the organization's network. The incident affected 1,234... [More] | ||
| P2021-ND-199 | Oct 18 2021 | Home Hardware Stores Limited |
| Summary: The organization was subject to ransomware. The incident affected 5,242 individuals, including 11... [More] | ||
| P2021-ND-198 | Oct 15 2021 | Royal Camp Services Ltd. and its subsidiaries and affiliates Summit Camp Services Ltd. and Chief Isaac Summit Camp Services Ltd. |
| Summary: The organization was subject to ransomware. The incident affected 3,986 individuals, including... [More] | ||
| P2021-ND-197 | Oct 15 2021 | Combined Insurance Company of America |
| Summary: An employee mistakenly added the contact list of email recipients to the email itself. The incident... [More] | ||
| P2021-ND-196 | Oct 15 2021 | DirectVapor, Inc. |
| Summary: An unauthorized user gained access to the organization's online payment platform. The incident... [More] | ||
| P2021-ND-195 | Oct 15 2021 | Angeion Group |
| Summary: There was unauthorized access to an employee's email account. The incident affected 67,677... [More] | ||
| P2021-ND-194 | Oct 14 2021 | Victoria's Secret Stores Brand Management |
| Summary: The organization was subject to a credential stuffing attack. The incident affected 16 individuals... [More] | ||
| P2021-ND-193 | Oct 14 2021 | Mosaic Primary Care Network |
| Summary: There was unauthorized access to the organization's SharePoint site. The incident affected nine... [More] | ||
| P2021-ND-192 | Oct 14 2021 | SiteOne Landscape Supply, Inc. |
| Summary: The organization's network was subject to unauthorized access. The incident affected 156 Alberta... [More] | ||
| P2021-ND-191 | Oct 14 2021 | College of Physicians and Surgeons of Alberta |
| Summary: Breaches occurred that related to a physician's complaint about three other physicians. The... [More] | ||
| P2021-ND-190 | Oct 14 2021 | Power Survey and Equpment Ltd DBA Powerside |
| Summary: An unauthorized third party had access to an employee's email account. The incident affected 874... [More] | ||
| P2021-ND-189 | Oct 14 2021 | TingleMerrett LLP |
| Summary: Documents were sent to the wrong address. The incident affected one individual. | ||
| P2021-ND-188 | Oct 14 2021 | rewardStyle Inc. |
| Summary: A third party had unauthorized access to personal information stored in databases. The incident... [More] | ||
| P2021-ND-187 | Oct 14 2021 | Edward Jones (an Ontario Limited Partnership) (Edward Jones Canada) |
| Summary: A third party service provider to the organization was subject to ransomware. The incident affected... [More] | ||
| P2021-ND-186 | Oct 12 2021 | FreeThink Capital Inc. |
| Summary: The organization's office was broken into. The incident affected 11 individuals, including 10... [More] | ||
| P2021-ND-184 | Oct 12 2021 | The Association candienne-francaise de L'Alberta |
| Summary: A former board member of a business that the organization took control of posted personal... [More] | ||
| P2021-ND-183 | Oct 12 2021 | Center Street Church |
| Summary: The organization was subject to ransomware. The incident affected 87,577 individuals, including... [More] | ||
| P2021-ND-182 | Sep 2 2021 | New Horizons Car & Truck Rentals Inc., operating as Discount Car and Truck Rentals |
| Summary: The organization was subject to ransomware. The incident affected approximately 18,485 individuals. | ||
| P2021-ND-181 | Sep 2 2021 | Leede Jones Gable Inc. |
| Summary: The organization was subject to a ransomware attack. The incident affected 12,090 individuals,... [More] | ||
| P2021-ND-180 | Sep 2 2021 | National Intramural and Recreational Sports Association |
| Summary: A third party e-commerce service provider to the organization had a vulnerability exploited. The... [More] | ||
| P2021-ND-179 | Sep 2 2021 | NUUD Inc. o/a HUSH Lingerie and More |
| Summary: Spyware was installed on the organization's computer remotely. The incident affected an unknown... [More] | ||
| P2021-ND-178 | Sep 2 2021 | Underwriters Laboratories of Canada Inc. |
| Summary: A threat actor attempted a ransomware attack. The incident affected 226 individuals residing in... [More] | ||
| P2021-ND-177 | Sep 2 2021 | Brewmaster Coffee Enterprises (M.H.) Inc. |
| Summary: Flash drives containing personal information were lost. The incident affected 23 individuals. | ||
| P2021-ND-176 | Sep 2 2021 | Keyera Corp. |
| Summary: An employee with the organization sent an email containing PDF copies of an employee’s termination... [More] | ||
| P2021-ND-175 | Aug 27 2021 | Canadian Medical Association |
| Summary: As the result of a phishing incident, email messages received in an employee’s inbox were forwarded... [More] | ||
| P2021-ND-173 | Aug 27 2021 | NFP Canada Corp. |
| Summary: A waiver form was sent to a client. The waiver form included the new address of the client's... [More] | ||
| P2021-ND-172 | Aug 27 2021 | Co-operators General Insurance Company (CGIC), Co-operators Life Insurance Company (CLIC) |
| Summary: An employee sent client information to his personal email account and may have taken physical... [More] | ||
| P2021-ND-171 | Aug 27 2021 | World Financial Group Canada Inc. |
| Summary: A vehicle was stolen. A work bag with a password-protected laptop was in the vehicle. The incident... [More] | ||
| P2021-ND-170 | Aug 27 2021 | Rocky Credit Union Ltd. |
| Summary: Information about a youth's savings account was disclosed to a client in error. The incident... [More] | ||
| P2021-ND-169 | Aug 26 2021 | Cornerstone Building Brands |
| Summary: An unauthorized party gained access to the organization's network. The incident affected 47... [More] | ||
| P2021-ND-168 | Aug 26 2021 | ARCH Psychological Services |
| Summary: An email attachment was sent to the wrong potential client. The incident affected two individuals. | ||
| P2021-ND-167 | Aug 26 2021 | Gienow Renovations |
| Summary: An unauthorized party gained access to the organization's network. The incident affected 118... [More] | ||
| P2021-ND-166 | Aug 26 2021 | Communauto Inc. |
| Summary: The organizations subject to ransomware. The incident affected 9,950 individuals in Alberta. | ||
| P2021-ND-165 | Aug 26 2021 | American College of Emergency Physicians |
| Summary: Payment card information was potentially subject to unauthorized acquisition. The incident affected... [More] | ||
| P2021-ND-164 | Aug 26 2021 | RBC Life Insurance |
| Summary: Two letters, one meant for an employee and one meant for an employer, were placed in the same... [More] | ||
| P2021-ND-163 | Aug 25 2021 | Clear Sky Capital Inc. |
| Summary: Tax forms were inadvertently printed double-sided. The incident affected 57 individuals, including... [More] | ||
| P2021-ND-162 | Aug 25 2021 | Johnston Group Inc. |
| Summary: The organization was subject to a brute force attack against its client portal. The incident... [More] | ||
| P2021-ND-161 | Aug 25 2021 | YSS Corp. |
| Summary: An unknown individual gained entry to the organization's head office. The incident affected... [More] | ||
| P2021-ND-160 | Aug 25 2021 | Alberta College of Social Workers |
| Summary: An academic transcript was received and uploaded to a database but was attached to the wrong member... [More] | ||
| P2021-ND-159 | Aug 25 2021 | NeuroTrition Inc. |
| Summary: A former contractor accessed an organization account, closed it without the organization's... [More] | ||
| P2021-ND-158 | Sep 13 2021 | Grant Thornton LLP |
| Summary: An employee's email account was compromised resulting in phishing emails being sent from the... [More] | ||
| P2021-ND-157 | Aug 25 2021 | Home Depot of Canada Inc. |
| Summary: A system error resulted in some customers receiving emails for orders that they did not place. The... [More] | ||
| P2021-ND-156 | Aug 25 2021 | Saputo Dairy Products Canada G.P. |
| Summary: An employee's email account was compromised resulting in an auto forwarding rule being set up... [More] | ||
| P2021-ND-155 | Jun 8 2021 | TVI Pacific Inc. |
| Summary: The organization's office was broken into and items were stolen. The incident affected... [More] | ||
| P2021-ND-154 | Jun 8 2021 | Parkland Corporation |
| Summary: A phishing email resulted in the organization being subject to ransomware. The incident affected... [More] | ||
| P2021-ND-153 | Jun 8 2021 | Paskapoo Pet Services |
| Summary: A vulnerability in software may have allowed unauthorized access to personal information. The... [More] | ||
| P2021-ND-152 | Jun 8 2021 | IPC Investment Corporation |
| Summary: An email was sent to the wrong email account. The incident affected two individuals. | ||
| P2021-ND-151 | Jun 8 2021 | College of Registered Dental Hygienists of Alberta |
| Summary: The organization sent an email to an applicant and included an email addressed to a different... [More] | ||
| P2021-ND-150 | Jun 8 2021 | J.V. Driver Corporation Inc. |
| Summary: The organization was subject to a ransomware attack. The incident affected approximately 30,000... [More] | ||
| P2021-ND-142 | May 25 2021 | Edon Properties Inc. |
| Summary: An employee’s criminal record check application form was mistakenly attached to an email that was... [More] | ||
| P2021-ND-141 | May 25 2021 | The Canada Life Insurance Company |
| Summary: A contract was lost in transit. The incident affected one Alberta resident. | ||
| P2021-ND-140 | May 25 2021 | Canadian Forest Products Ltd. |
| Summary: An employee's laptop was stolen. The incident affected 536 individuals, including 202 Alberta... [More] | ||
| P2021-ND-139 | May 25 2021 | Sherwood Consulting Services, Inc. |
| Summary: A psychologist with the organization discovered her residential garage had been broken into and a... [More] | ||
| P2021-ND-138 | May 25 2021 | Sedgwick Canada, Inc. |
| Summary: The organization was subject to a cybersecurity incident, which resulted in unauthorized access to... [More] | ||
| P2021-ND-137 | May 25 2021 | Morneau Shepell Ltd. |
| Summary: Phishing emails led to five employee accounts being compromised. The incident affected 622... [More] | ||
| P2021-ND-135 | May 25 2021 | Park Paving Ltd. |
| Summary: A file containing all hourly employee paystubs was emailed to one employee who had requested their... [More] | ||
| P2021-ND-134 | May 25 2021 | Mennonite Economic Development Associates of Canada o/a MEDA |
| Summary: A third party service provider was subject to a ransomware attack. The incident affected 28,861... [More] | ||
| P2021-ND-133 | May 25 2021 | Calgary Meals on Wheels |
| Summary: A volunteer’s vehicle was broken into and four invoices in sealed envelopes were stolen | ||
| P2021-ND-132 | May 18 2021 | Warner Music Group Corporation |
| Summary: An unauthorized third party compromised a number of websites hosted by a third party service... [More] | ||
| P2021-ND-131 | May 18 2021 | J.V. Driver Corporation Inc. |
| Summary: An employee was subject to a phishing attack. The incident affected 2,389 Alberta residents. | ||
| P2021-ND-130 | May 18 2021 | Minto Multi-Residential Income Partners I, IP |
| Summary: An office was broken into and rental application packages and personal cheques were stolen. The... [More] | ||
| P2021-ND-129 | May 12 2021 | Bombas LLC |
| Summary: The organization discovered malicious code was placed on its e-commerce website hosted by a third... [More] | ||
| P2021-ND-128 | May 12 2021 | Leede Jones Gable Inc. |
| Summary: An employee was subject to a phishing attack. The incident affected 22 individuals, including two... [More] | ||
| P2021-ND-126 | May 11 2021 | Francis Winspear Centre for Music |
| Summary: A third party service provider was subject to a ransomware attack. The incident affected 498... [More] | ||
| P2021-ND-125 | May 11 2021 | Edmonton Symphony Society |
| Summary: A third party service provider was subject to a ransomware attack. The incident affected 498... [More] | ||
| P2021-ND-124 | Apr 27 2021 | Relevant Radio |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-123 | Apr 27 2021 | Savers, Inc. |
| Summary: An employee was subject to a phishing attack. The incident affected 147 individuals, including two... [More] | ||
| P2021-ND-122 | Apr 27 2021 | Rakuten Kobo Inc. |
| Summary: An employee was subject to a phishing attack. The incident affected 189 individuals, including 14... [More] | ||
| P2021-ND-121 | Apr 27 2021 | Blue Buffalo Company, Ltd. |
| Summary: An unauthorized party gained access to the organization’s network via the exploitation of a... [More] | ||
| P2021-ND-120 | Apr 27 2021 | Century 21 Department Stores LLC |
| Summary: The organization found unauthorized code on its website. The incident affected 7,213 individuals,... [More] | ||
| P2021-ND-119 | Apr 27 2021 | World Financial Group Canada Inc. |
| Summary: A password protected laptop containing client information was stolen from a locked vehicle. The... [More] | ||
| P2021-ND-118 | Apr 27 2021 | Mountain View Credit Union |
| Summary: The organization inadvertently mailed an annual post-review letter and a non-compliance letter to... [More] | ||
| P2021-ND-117 | Apr 27 2021 | Luxottica of America Inc. |
| Summary: An automated attack was carried out against the organization's scheduling application. The incident... [More] | ||
| P2021-ND-115 | Apr 20 2021 | Expedia |
| Summary: An attacker may have gained access to personal information stored on an online platform, which the... [More] | ||
| P2021-ND-113 | Apr 20 2021 | The Results Companies, LLC |
| Summary: The organization discovered unauthorized access to an employee's email account. The incident... [More] | ||
| P2021-ND-112 | Mar 31 2021 | Worldwide Insurance Services, LLC |
| Summary: The organization determined that an unauthorized party may have obtained credentials to two... [More] | ||
| P2021-ND-111 | Mar 31 2021 | Canadian Crossroads International |
| Summary: A third party service provider was subject to a ransomware attack. The incident affected 3,176... [More] | ||
| P2021-ND-110 | Apr 7 2021 | Nodor International Limited (trading as Red Dragon Darts) |
| Summary: The organization's website was compromised by malicious code that collected data from the payment... [More] | ||
| P2021-ND-109 | Mar 31 2021 | Adventus Opportunity Fund |
| Summary: Social insurance numbers were visible through envelope windows, as a result of an incorrect... [More] | ||
| P2021-ND-108 | Mar 31 2021 | Salta Gymnastics Club |
| Summary: A hidden audio device was found behind a picture frame in the organization's staff room. The... [More] | ||
| P2021-ND-107 | Apr 7 2021 | Opportunity International Canada |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-106 | Mar 31 2021 | Tamarack Psychology |
| Summary: A phishing attack led to unauthorized access to an email account. The incident affected 64 Alberta... [More] | ||
| P2021-ND-105 | Mar 31 2021 | CM Group Holdings, Inc. d/b/a Creative Memories |
| Summary: Credit and debit card information for certain transactions may have been subject to unauthorized... [More] | ||
| P2021-ND-104 | Mar 31 2021 | Richardson GMP Ltd. |
| Summary: An investment advisor sent portfolio evaluations about a client to the wrong recipient. The... [More] | ||
| P2021-ND-103 | Mar 31 2021 | Penguin Random House Canada |
| Summary: A mailing error resulted in tax slips being sent to the wrong recipients. The incident affected... [More] | ||
| P2021-ND-102 | Mar 31 2021 | Best Buy Canada Ltd. |
| Summary: An SSD card used to back up computer data was lost. The incident affected one individual. | ||
| P2021-ND-101 | Mar 31 2021 | Alberta School Employee Benefit Plan |
| Summary: An individual received in error a statement about psychological treatment not being covered through... [More] | ||
| P2021-ND-100 | Mar 31 2021 | The Globe and Mail Inc. |
| Summary: A customer service representative, employed by a third party service provider, used a customer's... [More] | ||
| P2021-ND-099 | Mar 31 2021 | Ivanhoe Cambridge |
| Summary: An unauthorized script was placed on the organization's ecommerce website, which is maintained by a... [More] | ||
| P2021-ND-098 | Mar 31 2021 | NBA Media Ventures, LLC |
| Summary: An unauthorized intruder accessed a computer server that contained information about individuals... [More] | ||
| P2021-ND-097 | Mar 31 2021 | SMART Local Unions and Councils Pension Fund (Canada) |
| Summary: A phishing attack led to an intruder obtaining the credentials for an employee's email account. The... [More] | ||
| P2021-ND-096 | Mar 30 2021 | Carscallen LLP |
| Summary: A statement of benefits was lost while being transported from a home office to the organization's... [More] | ||
| P2021-ND-095 | Mar 30 2021 | AgeCare Seton |
| Summary: A bag containing personal information went missing. The incident affected 43 individuals. | ||
| P2021-ND-094 | Mar 30 2021 | Bunzl North America |
| Summary: Order information from a website may have been exposed to an unauthorized third party. The... [More] | ||
| P2021-ND-093 | Mar 30 2021 | Laura Gilligan, Occupational Therapist |
| Summary: A document was shared with the wrong email address. The incident affected two individuals in... [More] | ||
| P2021-ND-092 | Mar 30 2021 | Oklahoma Department of Securities |
| Summary: A firewall vulnerability made a server accessible. The incident affected 13 individuals in Alberta. | ||
| P2021-ND-091 | Mar 30 2021 | Gray Monk Estate Winery |
| Summary: A document containing personal information was inadvertently attached to an email. The incident... [More] | ||
| P2021-ND-090 | Mar 30 2021 | Samsung Electronics Canada Inc. |
| Summary: A third party service provider's employee was subject to a phishing attack. Personal information... [More] | ||
| P2021-ND-089 | Mar 16 2021 | AUPE |
| Summary: A staff member’s laptop was stolen from their vehicle. The incident affected three members, as well... [More] | ||
| P2021-ND-088 | Mar 16 2021 | PetroChina Canada Ltd. |
| Summary: Malware was discovered a laptop. The incident affected one individual in Alberta. | ||
| P2021-ND-087 | Mar 16 2021 | Society of Composers, Authors and Music Publishers of Canada (SOCAN) |
| Summary: An employee of the organization posted files containing royalty statements to certain members'... [More] | ||
| P2021-ND-086 | Mar 16 2021 | Houzz Inc. |
| Summary: The organization was contacted by a security researcher about a data file the researcher had... [More] | ||
| P2021-ND-085 | Mar 16 2021 | College and Association of Registered Nurses of Alberta |
| Summary: Two employees stored documentation intended for shredding in bins which were mistaken for recycling... [More] | ||
| P2021-ND-084 | Mar 16 2021 | Glentel Inc. |
| Summary: A phishing email led to an employee's credentials being compromised. The incident affected... [More] | ||
| P2021-ND-083 | Mar 16 2021 | Trans Union Consumer Interactive, Inc. |
| Summary: The organization's Canadian consumer-facing website was subject to a credential stuffing attack.... [More] | ||
| P2021-ND-082 | Mar 16 2021 | Yellow Pages Digital & Media Solutions Limited |
| Summary: An email appearing to be from a senior executive of the organization was from an unauthorized... [More] | ||
| P2021-ND-081 | Mar 16 2021 | Inter Pipeline Ltd. |
| Summary: A human resource employee inadvertently copied a distribution group of 134 employees on an email to... [More] | ||
| P2021-ND-080 | Mar 16 2021 | Mother Parker’s Tea & Coffee Inc. |
| Summary: A laptop went missing. The incident affected 1,823 individuals, including five Alberta residents. | ||
| P2021-ND-079 | Mar 9 2021 | CDSPI |
| Summary: An employee with the organization inadvertently enclosed a copy of an individual’s application for... [More] | ||
| P2021-ND-078 | Mar 9 2021 | Geo Logic Systems Ltd. |
| Summary: A third party contractor notified the organization that a data breach had occurred which consisted... [More] | ||
| P2021-ND-077 | Mar 9 2021 | TGSI Canada Corp. |
| Summary: The organization determined that a former short-term employee had unlawfully downloaded data from... [More] | ||
| P2021-ND-076 | Mar 9 2021 | Saybrook University |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-075 | Mar 9 2021 | Rooster Teeth Productions, LLC |
| Summary: The organization discovered that malicious code had been added to its ecommerce site. The incident... [More] | ||
| P2021-ND-074 | Mar 9 2021 | TH 17Th Ltd. |
| Summary: Employee files were improperly discarded. The incident affected 10 individuals. | ||
| P2021-ND-073 | Mar 9 2021 | Keurig Canada Inc. |
| Summary: Customer email addresses were mistakenly entered in the CC line, rather than the BCC line for email... [More] | ||
| P2021-ND-072 | Mar 9 2021 | Windward Software Systems Inc. |
| Summary: The organization was subject to a cyberattack, including ransomware. The incident affected 148... [More] | ||
| P2021-ND-071 | Mar 9 2021 | Direct Energy Marketing Limited |
| Summary: A service provider to the organization was subject to a ransomware attack. The incident affected... [More] | ||
| P2021-ND-070 | Mar 9 2021 | POWER Engineers, Inc. |
| Summary: The organization investigated and determined that there was unauthorized access to certain email... [More] | ||
| P2021-ND-068 | Mar 9 2021 | Sun Life Financial |
| Summary: The organization sent a letter to the wrong client. The incident affected one Alberta resident. | ||
| P2021-ND-067 | Mar 9 2021 | Boardwalk Rental Communities |
| Summary: Multiple documents and electronic devices were stolen from the organization's premises. The... [More] | ||
| P2021-ND-066 | Mar 9 2021 | Rifco National Auto Finance |
| Summary: A void cheque from a customer was inadvertently emailed to another customer. The incident affected... [More] | ||
| P2021-ND-065 | Mar 9 2021 | Grey Eagle Casino |
| Summary: A phishing email led to unauthorized accessed to the payroll system and a demand for ransom. The... [More] | ||
| P2021-ND-064 | Mar 9 2021 | Rocky Mountain House Society dba Rocky Mountain Support Services Society |
| Summary: The organization experienced a ransomware attack. The incident affected approximately 113... [More] | ||
| P2021-ND-063 | Mar 9 2021 | Aeroplan Inc. |
| Summary: Malicious actor(s) used valid credentials obtained from prior breaches unrelated to the... [More] | ||
| P2021-ND-062 | Mar 9 2021 | Employee Benefit Funds Administration Ltd. |
| Summary: An employee with the organization inadvertently switched two claims cheques and the cheques were... [More] | ||
| P2021-ND-061 | Mar 9 2021 | Natural Gas Employees' Association |
| Summary: Information at issue was circulated via email and posted on the organization's secure website. The... [More] | ||
| P2021-ND-060 | Mar 9 2021 | GroupHEALTH Family of Companies |
| Summary: An employee's email account was accessed by an unauthorized third party. The incident affected... [More] | ||
| P2021-ND-059 | Mar 9 2021 | Marchand Psychological Services |
| Summary: The organization's office was broken into and session notes went missing. The incident affected 11... [More] | ||
| P2021-ND-058 | Mar 9 2021 | PPI Management Inc. |
| Summary: A phishing attack compromised approximately seven email accounts. The incident affected 5,117... [More] | ||
| P2021-ND-057 | Mar 9 2021 | Desjardins Financial Security |
| Summary: An employee of the organization accessed and used personal information of a number of group... [More] | ||
| P2021-ND-056 | Mar 9 2021 | Desjardins Group |
| Summary: The organization learned from police that one of its employees exfiltrated client personal... [More] | ||
| P2021-ND-055 | Mar 9 2021 | Sustainable Produce Urban Delivery, Inc. |
| Summary: A phishing attack resulted in a third party setting up an email forwarding rule. The incident... [More] | ||
| P2021-ND-054 | Mar 2 2021 | Calgary Meals on Wheels |
| Summary: Six meals were stolen, which were labelled with clients' names and addresses. The incident affected... [More] | ||
| P2021-ND-053 | Mar 2 2021 | Edmonton Humane Society |
| Summary: Personal information was mistakenly published on the organization's website. | ||
| P2021-ND-052 | Mar 2 2021 | AppCarouselDirect Inc. |
| Summary: An employee of a third party service provider to the organization improperly accessed and collected... [More] | ||
| P2021-ND-051 | Mar 2 2021 | Trans Union of Canada Inc. |
| Summary: The organization determined that the user credentials for one of its corporate customers had been... [More] | ||
| P2021-ND-050 | Mar 2 2021 | Canbriam Energy Inc. |
| Summary: An employee of a service provider to the organization improperly accessed and collected some of the... [More] | ||
| P2021-ND-049 | Mar 2 2021 | Life Fitness, a division of Brunswick Corporation |
| Summary: The organization received an email from a third party security firm advising that it had discovered... [More] | ||
| P2021-ND-048 | Mar 2 2021 | Alberta College and Association of Opticians |
| Summary: The organization's website was hacked and the unauthorized users granted themselves administration... [More] | ||
| P2021-ND-047 | Mar 2 2021 | BlockFi, Inc. |
| Summary: The organization was subject to a phishing attack after an employee's smartphone SIM card had been... [More] | ||
| P2021-ND-046 | Mar 2 2021 | Rifco National Auto Finance |
| Summary: An email thread with a customer was inadvertently sent to a different customer. The incident... [More] | ||
| P2021-ND-045 | Mar 2 2021 | RedBloom Salons |
| Summary: A storage locker was broken into and paper files were stolen. The incident affected 54 Alberta... [More] | ||
| P2021-ND-044 | Mar 2 2021 | The Country Day School |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-043 | Mar 2 2021 | Belden Canada ULC |
| Summary: An unauthorized third party gained access to the organization's business servers. The incident... [More] | ||
| P2021-ND-042 | Mar 2 2021 | CDN Controls Ltd. |
| Summary: The organization was subject to a ransomware attack. The incident affected 870 Alberta residents. | ||
| P2021-ND-041 | Mar 2 2021 | Kroto Inc., dba iCanvas |
| Summary: Unauthorized script was placed on the checkout page in the organization's website. The incident... [More] | ||
| P2021-ND-040 | Mar 2 2021 | Brookfield Residential Properties Inc. |
| Summary: A phishing attack led to unauthorized access to the organization's network(s). The incident... [More] | ||
| P2021-ND-039 | Mar 2 2021 | ivari |
| Summary: Insurance policy contracts were placed into incorrect courier packages and then were delivered to... [More] | ||
| P2021-ND-038 | Feb 23 2021 | Claire’s Store Inc. |
| Summary: Unauthorized code was identified on the organization's ecommerce site. The incident affected five... [More] | ||
| P2021-ND-037 | Feb 23 2021 | Leduc Mechanical Industries Inc. |
| Summary: An individual acted as though they were an employee of a third party service provider. The... [More] | ||
| P2021-ND-036 | Feb 23 2021 | ivari |
| Summary: An insurance advisor's car was broken into and a briefcase containing laptops and paper files was... [More] | ||
| P2021-ND-035 | Feb 23 2021 | Worth Ventures Ltd. |
| Summary: The organization's system was subject to ransomware. The incident affected approximately 200... [More] | ||
| P2021-ND-034 | Feb 23 2021 | Best Buy Canada Ltd. |
| Summary: A computer sent for repair was lost in transit. The incident affected one individual. | ||
| P2021-ND-033 | Feb 23 2021 | Michael Neeland |
| Summary: A laptop case containing paper records was stolen from a vehicle. The incident affected one Alberta... [More] | ||
| P2021-ND-032 | Feb 23 2021 | Southgate Medallion Family Day Homes Ltd. |
| Summary: A staff member's vehicle was stolen. The vehicle contained an unencrypted USB drive with personal... [More] | ||
| P2021-ND-031 | Feb 23 2021 | Raymond James Financial Planning Ltd. |
| Summary: A contract was lost in transit. The incident affected one Alberta resident. | ||
| P2021-ND-030 | Feb 23 2021 | Young Men’s Christian Association of Edmonton (YMCA of Northern Alberta) |
| Summary: An emergency bag containing information about 11 children in care was stolen from an employee's... [More] | ||
| P2021-ND-029 | Feb 23 2021 | DIRTT Environmental Solutions Ltd. |
| Summary: A spreadsheet containing personal information was inadvertently sent to the organization's internal... [More] | ||
| P2021-ND-028 | Feb 23 2021 | Herbers Autobody Repair Inc. |
| Summary: A staff member opened a phishing email attachment that contained malware. The incident affected... [More] | ||
| P2021-ND-027 | Feb 23 2021 | Barr Picard Law |
| Summary: The organization discovered that a staff member’s email account was compromised and messages... [More] | ||
| P2021-ND-026 | Feb 23 2021 | Frederick W. Howarth III d/b/a TBG West Insurance Services |
| Summary: The organization was subject to a ransomware attack. The incident affected 41 Alberta residents. | ||
| P2021-ND-025 | Feb 23 2021 | YogaFit Training Systems Worldwide, Inc. |
| Summary: The organization was subject to a cyberattack that resulted in unauthorized access to customers'... [More] | ||
| P2021-ND-024 | Feb 23 2021 | American Public Works Association |
| Summary: Customer information was accessed without authorization through the organization's online store.... [More] | ||
| P2021-ND-023 | Feb 23 2021 | Pivot Technology Solutions Inc. |
| Summary: The organization was subject to a ransomware attack. The incident affected 156 Canadians, including... [More] | ||
| P2021-ND-022 | Feb 23 2021 | Mitten Building Products |
| Summary: An unauthorized individual accessed some employee email accounts. The incident affected 91... [More] | ||
| P2021-ND-021 | Feb 23 2021 | Branksome Hall |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-020 | Feb 23 2021 | Edmonton Soccer Association Facilities |
| Summary: The organization's office was broken into. The perpetrator(s) went through numerous filing cabinets... [More] | ||
| P2021-ND-019 | Feb 23 2021 | Victoria’s Secret Store Brand Management, LLC |
| Summary: The organization learned that an unauthorized individual gained access to personal information in... [More] | ||
| P2021-ND-018 | Feb 16 2021 | Christian Labour Association of Canada |
| Summary: Job profiles were inadvertently made available to search crawlers for indexing in search engines.... [More] | ||
| P2021-ND-017 | Feb 16 2021 | Edson Medical Centre |
| Summary: The organization discovered a former employee’s email account had been accessed without... [More] | ||
| P2021-ND-016 | Feb 16 2021 | JTI-Macdonald Corporation |
| Summary: Salary compensation information was inadvertently made publicly available on a cloud server. The... [More] | ||
| P2021-ND-015 | Feb 16 2021 | Richardson GMP Ltd. |
| Summary: An administrative error caused an investment update document to be inadvertently mailed to out of... [More] | ||
| P2021-ND-014 | Feb 16 2021 | Salta Gymnastics Club |
| Summary: A board meeting was audiotaped, including the ‘in camera’ session where two employees’ employment... [More] | ||
| P2021-ND-013 | Feb 16 2021 | Association of Professional Engineers and Geoscientists of Alberta |
| Summary: The organization sent reminder notices on overdue continuing professional development submissions... [More] | ||
| P2021-ND-012 | Feb 15 2021 | Connect First Credit Union Ltd. |
| Summary: A printing error by a third party vendor led to financial investment renewal notices including some... [More] | ||
| P2021-ND-010 | Feb 16 2021 | Best Buy Canada Ltd. |
| Summary: A booklet containing a form with personal information was misplaced. The incident affected 67... [More] | ||
| P2021-ND-009 | Feb 16 2021 | Aurora Cannabis Enterprises Inc. |
| Summary: The organization was subject to a cyberattack involving unauthorized access to its SharePoint... [More] | ||
| P2021-ND-008 | Mar 31 2021 | Servus Credit Union Ltd. |
| Summary: An error in the printing and folding of tax receipts resulted in social insurance numbers being... [More] | ||
| P2021-ND-007 | Feb 16 2021 | ATB Financial |
| Summary: An employee's vehicles was broken into and a backpack containing an encrypted laptop, encrypted... [More] | ||
| P2021-ND-006 | Feb 16 2021 | Don Wheaton Chevrolet GMC Buick Cadillac Ltd. |
| Summary: A phishing email was opened which activated malware. The incident affected 4,000 Alberta residents. | ||
| P2021-ND-005 | Feb 16 2021 | Ridley College School |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-004 | Feb 16 2021 | London Life Insurance Company |
| Summary: An insurance contract was lost during transit. The incident affected three individuals in Alberta. | ||
| P2021-ND-003 | Jan 26 2021 | AltaSteel, Inc. |
| Summary: An email forwarding rule was set up without authorization. Three email accounts were sending emails... [More] | ||
| P2021-ND-002 | Jan 26 2021 | Deluxe Small Business Sales Inc., operating as MAC Highway |
| Summary: The organization discovered that the password for an administrative portal was compromised and an... [More] | ||
| P2021-ND-001 | Jan 26 2021 | Custom Electric Ltd. |
| Summary: A phishing attempt resulted in an internal email, with employee payroll earning statements... [More] | ||
Copyright 2022 OIPC. All rights reserved.