Loading... Please Wait
In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
| Decision | Date | Body |
|---|---|---|
| P2020-ND-062 | Jun 5 2020 | Lorne Steinberg Wealth Management Inc. |
| Summary: The organization determined that an unknown external actor gained access to the email accounts and... [More] | ||
| P2020-ND-061 | Jun 5 2020 | Mountain Equipment Co-op |
| Summary: The organization ran a pilot marketing campaign during which it sent the personal information at... [More] | ||
| P2020-ND-060 | May 29 2020 | Servus Credit Union Ltd. |
| Summary: An email containing mortgage renewal documents for an individual was sent to an unknown recipient... [More] | ||
| P2020-ND-059 | May 29 2020 | Avenue Living Communities Ltd. |
| Summary: The organization became aware that an unknown and unauthorized actor had altered an employee's... [More] | ||
| P2020-ND-058 | Jun 12 2020 | Investors Group Financial Services Inc. |
| Summary: A hacker gained access to the clients’ (husband and wife) email account and then proceeded to pose... [More] | ||
| P2020-ND-057 | May 29 2020 | ATB Financial |
| Summary: A team member's vehicle was stolen, which had in it a laptop and mortgage application paper... [More] | ||
| P2020-ND-056 | May 29 2020 | Lightspeed Technologies, Inc. |
| Summary: Customers of the organization reported receiving spoofed emails attempting to change the account... [More] | ||
| P2020-ND-055 | May 25 2020 | Attia Law Group |
| Summary: A lawyer with the organization lost a binder in the Edmonton Provincial Courthouse. The binder... [More] | ||
| P2020-ND-054 | May 22 2020 | Flexiti Financial Inc. |
| Summary: The organization received an email from someone purporting to be a hacker and claiming to have... [More] | ||
| P2020-ND-053 | May 22 2020 | Synergen Housing Corporation Ltd. |
| Summary: Personal information in meeting minutes was not redacted prior to the minutes being distributed to... [More] | ||
| P2020-ND-052 | May 22 2020 | Solium Capital UI-C |
| Summary: The organization reported that one of its contracted service providers determined that a former... [More] | ||
| P2020-ND-051 | May 22 2020 | ATB Financial |
| Summary: A safe was stolen from one of the organization's locations. The incident affected 15 Alberta... [More] | ||
| P2020-ND-050 | May 21 2020 | Master-Bilt Refrigeration Solutions |
| Summary: An unauthorized person accessed the email account of one of the organization's employees. A number... [More] | ||
| P2020-ND-047 | May 19 2020 | iA Financial Group |
| Summary: A vehicle belonging to an insurance agent working with the organization was broken into, and a... [More] | ||
| P2020-ND-046 | May 19 2020 | Grape Holding, NV |
| Summary: An unauthorized user accessed the organization’s reservation portfolios on a third party system.... [More] | ||
| P2020-ND-045 | May 1 2020 | London Life Insurance Company |
| Summary: A completed insurance application was mailed from an advisor's office in Edson to the... [More] | ||
| P2020-ND-044 | May 1 2020 | Servus Credit Union Ltd. |
| Summary: An employee of the organization verbally disclosed information about a loan application to an... [More] | ||
| P2020-ND-043 | May 1 2020 | ivari |
| Summary: An insurance advisor's car was broken into and a laptop was stolen. The information at issue was... [More] | ||
| P2020-ND-042 | Apr 20 2020 | Carly Buffalo RMT |
| Summary: A home office was broken into and a laptop containing the information at issue was stolen. The... [More] | ||
| P2020-ND-041 | Apr 20 2020 | TrueFire LLC |
| Summary: The organization discovered that an unauthorized person gained access to its computer system and... [More] | ||
| P2020-ND-040 | Apr 8 2020 | Co-operators General Insurance Company |
| Summary: During a claim investigation process, the organization’s claims representative provided licence... [More] | ||
| P2020-ND-039 | Apr 1 2020 | Web.com Group, Inc. |
| Summary: The organization became aware that a third party might have gained unauthorized access to a limited... [More] | ||
| P2020-ND-038 | Apr 1 2020 | Master Paints Institute (MPI) Canada, Inc. |
| Summary: The organization discovered a vulnerability in the shopping cart function on its website that... [More] | ||
| P2020-ND-037 | Mar 30 2020 | Mosaic Primary Care Network |
| Summary: An employee’s email account was compromised and used to impersonate an external software vendor. A... [More] | ||
| P2020-ND-036 | Mar 17 2020 | LifeLabs Inc. |
| Summary: A cyberattack involving unauthorized access to two web servers and two databases occurred. The... [More] | ||
| P2020-ND-035 | Mar 9 2020 | Chamberlain Group, Inc. |
| Summary: The organization discovered that a call center employee had not followed mandated security... [More] | ||
| P2020-ND-034 | Mar 9 2020 | SkipTheDishes Restaurant Services Inc. |
| Summary: The organization found account takeovers occurred as a result of individuals having lost control of... [More] | ||
| P2020-ND-033 | Mar 9 2020 | Guardian Law Group LLP |
| Summary: The organization was contacted by another law firm that reported it had received a suspicious email... [More] | ||
| P2020-ND-032 | Mar 6 2020 | Parvus Therapeutics Inc. |
| Summary: A consultant who provides human resource services to the organization was targeted with a phishing... [More] | ||
| P2020-ND-031 | Mar 5 2020 | Lethbridge Community Out of School Association |
| Summary: An employee of the organization was on a short term leave and the organization was looking for... [More] | ||
| P2020-ND-030 | Mar 4 2020 | Sprott Money Ltd. |
| Summary: The organization’s website was compromised as a result of malicious code uploaded by an... [More] | ||
| P2020-ND-029 | Mar 4 2020 | The Canada Life Assurance Company |
| Summary: The organization contacted a residential tenant regarding her parking rent. The individual advised... [More] | ||
| P2020-ND-028 | Mar 4 2020 | Syncrude Canada Inc. |
| Summary: An employee who was ill was assessed by a nurse on-site and sent home. The employee mentioned that... [More] | ||
| P2020-ND-027 | Mar 4 2020 | News America Marketing Digital LLC |
| Summary: The organization learned an unauthorized third party attempted to gain access to Checkout 51... [More] | ||
| P2020-ND-026 | Mar 4 2020 | Association of Professional Engineers and Geoscientists of Alberta |
| Summary: An employee’s email/laptop was accessed without authorization. Phishing emails were received by... [More] | ||
| P2020-ND-025 | Mar 4 2020 | PAR Technology Corporation |
| Summary: The organization found that 11 employee email accounts were accessed without authorization. The... [More] | ||
| P2020-ND-024 | Mar 3 2020 | StockX LLC |
| Summary: The organization found that an unknown third party had been able to gain unauthorized access to... [More] | ||
| P2020-ND-023 | Mar 3 2020 | Economical Mutual Insurance Company |
| Summary: An independent insurance claims adjusting firm engaged by the organization to adjust property... [More] | ||
| P2020-ND-022 | Feb 21 2020 | Koff Productions |
| Summary: The OIPC received an email from an employee of another provincial government stating he had... [More] | ||
| P2020-ND-021 | Feb 14 2020 | National Baseball Hall of Fame and Museum |
| Summary: An unauthorized third party injected malicious code into the organization’s web store. The incident... [More] | ||
| P2020-ND-020 | Feb 14 2020 | Skip The Dishes Restaurant Services Inc. |
| Summary: Unknown individual(s) used credential stuffing to gain access to the organization’s courier... [More] | ||
| P2020-ND-019 | Feb 14 2020 | RBC Life Insurance Company |
| Summary: The organization emailed a claimant’s letter to the claimant’s employer in error. The letter was... [More] | ||
| P2020-ND-018 | Feb 13 2020 | Health Standards Organization (HSO) and Accreditation Canada (AC) |
| Summary: The organization's IT systems were impacted by ransomware that encrypts all data on the infected... [More] | ||
| P2020-ND-017 | Feb 13 2020 | PetroChina Canada Ltd. |
| Summary: Malware was discovered on an end user laptop. The incident affected one individual in Alberta, and... [More] | ||
| P2020-ND-016 | Feb 13 2020 | Quarterhill Inc. |
| Summary: An employee responsible for human resource functions used a corporate owned laptop to access a file... [More] | ||
| P2020-ND-015 | Feb 13 2020 | Kearns, Brinen & Monaghan |
| Summary: Two employees of the organization each received a phishing email with a hyperlink. The employees... [More] | ||
| P2020-ND-014 | Feb 13 2020 | First National Financial LP |
| Summary: The account credentials of an employee of the organization were compromised during a credential... [More] | ||
| P2020-ND-013 | Feb 13 2020 | Leafly Holdings, Inc. |
| Summary: The organization was contacted by a security researcher who advised that he had obtained a set of... [More] | ||
| P2020-ND-012 | Feb 13 2020 | OrthoAccel Technologies, Inc. |
| Summary: The organization confirmed one of its email account users was the victim of a phishing event that... [More] | ||
| P2020-ND-011 | Feb 12 2020 | Omista Credit Union Limited |
| Summary: The organization was made aware of an email phishing incident that affected a number of its... [More] | ||
| P2020-ND-010 | Feb 12 2020 | The Driving Force Inc. |
| Summary: The organization discovered that, due to a phishing scheme, an unauthorized third party gained... [More] | ||
| P2020-ND-009 | Feb 11 2020 | Servus Credit Union Ltd. |
| Summary: An unauthorized individual was able to successfully access a member’s account. The incident... [More] | ||
| P2020-ND-008 | Feb 11 2020 | Beakerhead Creative Society |
| Summary: The organization was not able to determine whether an email distribution list that had been... [More] | ||
| P2020-ND-007 | Feb 11 2020 | Eye Safety Systems, Inc. |
| Summary: The organization concluded that an unauthorized individual or group extracted personal information... [More] | ||
| P2020-ND-006 | Feb 11 2020 | Rifco National Auto Finance |
| Summary: An employee was conversing by email with a customer and inadvertently used the ongoing email string... [More] | ||
| P2020-ND-005 | Feb 11 2020 | Manufacturers Life Insurance Company of Canada |
| Summary: Anomalous activity on the organization's group retirements business' plan member website appeared... [More] | ||
| P2020-ND-004 | Feb 11 2020 | Feld Entertainment, Inc. |
| Summary: The organization confirmed unauthorized access to certain employee accounts related to a phishing... [More] | ||
| P2020-ND-003 | Jan 31 2020 | Employer's Resource Council |
| Summary: The organization determined that an unauthorized actor accessed two of its employees' email... [More] | ||
| P2020-ND-002 | Jan 31 2020 | Carl's Golfland |
| Summary: A webshell was inserted into the organization’s website through a vulnerability and brute force... [More] | ||
| P2020-ND-001 | Jan 31 2020 | Industrial Alliance Insurance and Financial Services Inc. |
| Summary: The email account of a representative of the organization was accessed as the result of a phishing... [More] | ||
Copyright 2020 OIPC. All rights reserved.