Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss of, or unauthorized access to or disclosure of, personal information.

The Commissioner makes publicly available the decisions in which a real risk of significant harm was identified and notification to affected individuals was required. Decisions in which no real risk of significant harm was identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

Decision Date Body
P2020-ND-021 Feb 14 2020 National Baseball Hall of Fame and Museum
Summary: An unauthorized third party injected malicious code into the organization’s web store. The incident...
P2020-ND-020 Feb 14 2020 Skip The Dishes Restaurant Services Inc.
Summary: Unknown individual(s) used credential stuffing to gain access to the organization’s courier...
P2020-ND-019 Feb 14 2020 RBC Life Insurance Company
Summary: The organization emailed a claimant’s letter to the claimant’s employer in error. The letter was...
P2020-ND-018 Feb 13 2020 Health Standards Organization (HSO) and Accreditation Canada (AC)
Summary: The organization's IT systems were impacted by ransomware that encrypts all data on the infected...
P2020-ND-017 Feb 13 2020 PetroChina Canada Ltd.
Summary: Malware was discovered on an end user laptop. The incident affected one individual in Alberta, and...
P2020-ND-016 Feb 13 2020 Quarterhill Inc.
Summary: An employee responsible for human resource functions used a corporate owned laptop to access a file...
P2020-ND-015 Feb 13 2020 Kearns, Brinen & Monaghan
Summary: Two employees of the organization each received a phishing email with a hyperlink. The employees...
P2020-ND-014 Feb 13 2020 First National Financial LP
Summary: The account credentials of an employee of the organization were compromised during a credential...
P2020-ND-013 Feb 13 2020 Leafly Holdings, Inc.
Summary: The organization was contacted by a security researcher who advised that he had obtained a set of...
P2020-ND-012 Feb 13 2020 OrthoAccel Technologies, Inc.
Summary: The organization confirmed one of its email account users was the victim of a phishing event that...
P2020-ND-011 Feb 12 2020 Omista Credit Union Limited
Summary: The organization was made aware of an email phishing incident that affected a number of its...
P2020-ND-010 Feb 12 2020 The Driving Force Inc.
Summary: The organization discovered that, due to a phishing scheme, an unauthorized third party gained...
P2020-ND-009 Feb 11 2020 Servus Credit Union Ltd.
Summary: An unauthorized individual was able to successfully access a member’s account. The incident...
P2020-ND-008 Feb 11 2020 Beakerhead Creative Society
Summary: The organization was not able to determine whether an email distribution list that had been...
P2020-ND-007 Feb 11 2020 Eye Safety Systems, Inc.
Summary: The organization concluded that an unauthorized individual or group extracted personal information...
P2020-ND-006 Feb 11 2020 Rifco National Auto Finance
Summary: An employee was conversing by email with a customer and inadvertently used the ongoing email string...
P2020-ND-005 Feb 11 2020 Manufacturers Life Insurance Company of Canada
Summary: Anomalous activity on the organization's group retirements business' plan member website appeared...
P2020-ND-004 Feb 11 2020 Feld Entertainment, Inc.
Summary: The organization confirmed unauthorized access to certain employee accounts related to a phishing...
P2020-ND-003 Jan 31 2020 Employer's Resource Council
Summary: The organization determined that an unauthorized actor accessed two of its employees' email...
P2020-ND-002 Jan 31 2020 Carl's Golfland
Summary: A webshell was inserted into the organization’s website through a vulnerability and brute force...
P2020-ND-001 Jan 31 2020 Industrial Alliance Insurance and Financial Services Inc.
Summary: The email account of a representative of the organization was accessed as the result of a phishing...