Breach Notification Decisions


In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner makes publicly available the decisions in which a real risk of significant harm was identified and notification to affected individuals was required. Decisions in which no real risk of significant harm was identified are not published.

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

Decision Date Body
P2020-ND-113 Sep 25 2020 Apeetogosan (Metis) Development Inc.
Summary: The organization found its computer system was affected by a ransomware attack that caused its... [More]
P2020-ND-112 Sep 25 2020 Employee Benefit Funds Administration Ltd.
Summary: An employee with the organization inadvertently switched two claims documents and mailed them to... [More]
P2020-ND-111 Sep 24 2020 CNOOC Petroleum North America ULC
Summary: The organization discovered that the first employee had authorized access to a spreadsheet of... [More]
P2020-ND-110 Sep 24 2020 Rockyview Gas Co-op Ltd.
Summary: The organization mistakenly printed notices double sided for customers with overdue accounts. As a... [More]
P2020-ND-109 Sep 24 2020 CPA Western School of Business
Summary: An employee with the organization clicked on a phishing email, which created a rule that... [More]
P2020-ND-108 Sep 24 2020 Real Estate Council of Alberta
Summary: An unknown individual gained unauthorized access to an employee email account through a phishing... [More]
P2020-ND-107 Sep 24 2020 CAM LLP
Summary: An employee with the organization had her car stolen, including a briefcase with hard copies of... [More]
P2020-ND-106 Sep 24 2020 ZipRecruiter Inc.
Summary: The organization discovered that the unique login credentials of 30 client-user accounts had been... [More]
P2020-ND-105 Sep 23 2020 Carnival Cruise Line a division of Carnival Corporation
Summary: An intruder deleted two databases from a job portal hosted by a third party. The incident affected... [More]
P2020-ND-104 Sep 23 2020 Namaste Technologies, Inc.
Summary: An employee of the organization noticed unsolicited emails had been received at internal email... [More]
P2020-ND-103 Sep 23 2020 College of Physicians and Surgeons of Alberta
Summary: A hearing tribunal decision was published to the organization’s website and released to the media... [More]
P2020-ND-102 Sep 17 2020 SkipTheDishes Restaurant Services Inc.
Summary: The organization discovered a malicious actor performed a credential-stuffing attack by testing... [More]
P2020-ND-101 Sep 17 2020 Economical Insurance and its subsidiary, Sonnet Insurance Company
Summary: An employee received a phishing email from an unknown third party. The email included a hyperlink... [More]
P2020-ND-100 Sep 17 2020 Maplebear Inc., dba Instacart
Summary: The organization identified evidence that employees of its service provider accessed more shopper... [More]
P2020-ND-099 Sep 3 2020 MNP LLP and related subsidiaries and affiliates
Summary: The organization reported its systems were encrypted as a result of a cybersecurity incident. The... [More]
P2020-ND-097 Sep 3 2020 Railworks Corporation
Summary: The organization was the victim of a cyberattack in which an unauthorized third party encrypted its... [More]
P2020-ND-096 Sep 3 2020 Ply Gem Residential Solutions
Summary: The organization discovered that an unauthorized individual may have accessed certain employees’... [More]
P2020-ND-095 Sep 3 2020 Accor Services Canada Inc.
Summary: A service provider for the organization discovered a file containing personal information on a... [More]
P2020-ND-094 Sep 2 2020 Medicine Hat Family Young Men’s Christian Association
Summary: An employee with the organization sent an email contact list containing guardians’ contact... [More]
P2020-ND-093 Sep 2 2020 Teck Highland Valley Cooper Corporation
Summary: Due to an incorrect mail merge operation, pension benefit statements sent to former employees were... [More]
P2020-ND-092 Sep 1 2020 Neptune Wellness Solutions Inc.
Summary: The organization's networks were encrypted by an unknown actor. The incident affected 345... [More]
P2020-ND-091 Sep 1 2020 Zoosk, Inc.
Summary: An unauthorized third party gained access to the Organization’s data stored in a database hosted by... [More]
P2020-ND-089 Jul 28 2020 Dubsmash Inc. and Mobile Motion GmbH (collectively, Dubsmash)
Summary: After a reporter contacted the organization about the sale of potentially stolen information, the... [More]
P2020-ND-088 Jul 28 2020 Howard & Associates Psychological Services
Summary: The organization’s office was broken into, and the intruders stole intake forms from two employee... [More]
P2020-ND-087 Jul 28 2020 Alberta Society of Professional Biologists
Summary: A laptop went missing, and it may have stored an event attendees list. The incident affected 27... [More]
P2020-ND-086 Jul 28 2020 Running Room Canada
Summary: The organization’s web security team identified an SQL injection and confirmed unauthorized access... [More]
P2020-ND-085 Jul 28 2020 Nicola Wealth Management Ltd.
Summary: The organization discovered an unknown third party temporarily gained access to the CEO’s email... [More]
P2020-ND-084 Jul 24 2020 The Canada Life Assurance Company
Summary: Due to an administrative and system error, a plan member logged into the system and was able to see... [More]
P2020-ND-083 Jul 24 2020 IPC Investment Corporation
Summary: An advisor with the organization prepared documents to send to a client for completion, but entered... [More]
P2020-ND-081 Jul 24 2020 Westward Advisors Ltd.
Summary: A phishing attack against the organization was successful. The attacker also created a similar but... [More]
P2020-ND-080 Jul 24 2020 Rifco National Auto Finance Corporation
Summary: Two letters were inadvertently sent to two incorrect cell phone numbers. The incident affected two... [More]
P2020-ND-079 Jul 24 2020 Servus Credit Union
Summary: A briefcase was stolen from a Red Deer branch of the organization. The incident affected 21... [More]
P2020-ND-078 Jul 24 2020 ivari
Summary: A life insurance policy contract was placed in an incorrect courier envelope package. The incident... [More]
P2020-ND-077 Jul 24 2020 Pfizer Canada ULC
Summary: The organization found that an unauthorized third party gained access to one of its payroll service... [More]
P2020-ND-076 Jul 24 2020 Carnival Corporation & plc and its subsidiaries and brands
Summary: The organization discovered that an unauthorized third party gained access to some employee email... [More]
P2020-ND-075 Jul 17 2020 Capital Region Housing Corporation
Summary: Tenants who failed to pay their rent were issued notices to vacate. The site manager who did the... [More]
P2020-ND-074 Jul 17 2020 Hanna Andersson, LLC
Summary: Law enforcement informed the organization that credit cards used on its website were available for... [More]
P2020-ND-073 Jul 16 2020 Justin Warsylewicz
Summary: A vehicle belonging to the organization was broken into and a travel bag was stolen. The incident... [More]
P2020-ND-072 Jul 16 2020 Industrial Alliance Insurance and Financial Services Inc.
Summary: An insurance broker's briefcase, which included an insurance policy contract with personal... [More]
P2020-ND-071 Jul 16 2020 ExecuPharm, Inc.
Summary: The organization's data network was compromised by a cyber ransomware event conducted by malicious... [More]
P2020-ND-070 Jul 15 2020 Midwest Surveys Inc.
Summary: A series of emails, with a link to virus payload, was sent out from an employee's email account.... [More]
P2020-ND-069 Jul 15 2020 Marval Capital Ltd.
Summary: The organization's general email account was used to send out phishing emails. The incident... [More]
P2020-ND-068 Jul 15 2020 Tupperware U.S., Inc.
Summary: The organization identified unauthorized code had been inserted onto e-commerce websites. The... [More]
P2020-ND-067 Jul 15 2020 Pomeroy Lodging LP
Summary: The organization's office was broken into and multiple laptops and some paper files were stolen.... [More]
P2020-ND-066 Jul 15 2020 Capital Brands Distribution, LLC
Summary: The organization determined that an unauthorized user changed the website's checkout page to... [More]
P2020-ND-065 Jul 13 2020 WESCO Distribution Inc.
Summary: An employee's email account was compromised through a phishing email. The unknown actor placed an... [More]
P2020-ND-064 Jul 13 2020 Tenaris Group / TMK IPSCO Canada Ltd.
Summary: The organization identified a lack of security controls for certain files stored in a temporary... [More]
P2020-ND-063 Jul 13 2020 King Defence
Summary: An employee with the organization had his vehicle broken into and a cellphone was stolen. The... [More]
P2020-ND-062 Jun 5 2020 Lorne Steinberg Wealth Management Inc.
Summary: The organization determined that an unknown external actor gained access to the email accounts and... [More]
P2020-ND-061 Jun 5 2020 Mountain Equipment Co-op
Summary: The organization ran a pilot marketing campaign during which it sent the personal information at... [More]
P2020-ND-060 May 29 2020 Servus Credit Union Ltd.
Summary: An email containing mortgage renewal documents for an individual was sent to an unknown recipient... [More]
P2020-ND-059 May 29 2020 Avenue Living Communities Ltd.
Summary: The organization became aware that an unknown and unauthorized actor had altered an employee's... [More]
P2020-ND-058 Jun 12 2020 Investors Group Financial Services Inc.
Summary: A hacker gained access to the clients’ (husband and wife) email account and then proceeded to pose... [More]
P2020-ND-057 May 29 2020 ATB Financial
Summary: A team member's vehicle was stolen, which had in it a laptop and mortgage application paper... [More]
P2020-ND-056 May 29 2020 Lightspeed Technologies, Inc.
Summary: Customers of the organization reported receiving spoofed emails attempting to change the account... [More]
P2020-ND-055 May 25 2020 Attia Law Group
Summary: A lawyer with the organization lost a binder in the Edmonton Provincial Courthouse. The binder... [More]
P2020-ND-054 May 22 2020 Flexiti Financial Inc.
Summary: The organization received an email from someone purporting to be a hacker and claiming to have... [More]
P2020-ND-053 May 22 2020 Synergen Housing Corporation Ltd.
Summary: Personal information in meeting minutes was not redacted prior to the minutes being distributed to... [More]
P2020-ND-052 May 22 2020 Solium Capital ULC
Summary: The organization reported that one of its contracted service providers determined that a former... [More]
P2020-ND-051 May 22 2020 ATB Financial
Summary: A safe was stolen from one of the organization's locations. The incident affected 15 Alberta... [More]
P2020-ND-050 May 21 2020 Master-Bilt Refrigeration Solutions
Summary: An unauthorized person accessed the email account of one of the organization's employees. A number... [More]
P2020-ND-047 May 19 2020 iA Financial Group
Summary: A vehicle belonging to an insurance agent working with the organization was broken into, and a... [More]
P2020-ND-046 May 19 2020 Grape Holding, NV
Summary: An unauthorized user accessed the organization’s reservation portfolios on a third party system.... [More]
P2020-ND-045 May 1 2020 London Life Insurance Company
Summary: A completed insurance application was mailed from an advisor's office in Edson to the... [More]
P2020-ND-044 May 1 2020 Servus Credit Union Ltd.
Summary: An employee of the organization verbally disclosed information about a loan application to an... [More]
P2020-ND-043 May 1 2020 ivari
Summary: An insurance advisor's car was broken into and a laptop was stolen. The information at issue was... [More]
P2020-ND-042 Apr 20 2020 Carly Buffalo RMT
Summary: A home office was broken into and a laptop containing the information at issue was stolen. The... [More]
P2020-ND-041 Apr 20 2020 TrueFire LLC
Summary: The organization discovered that an unauthorized person gained access to its computer system and... [More]
P2020-ND-040 Apr 8 2020 Co-operators General Insurance Company
Summary: During a claim investigation process, the organization’s claims representative provided licence... [More]
P2020-ND-039 Apr 1 2020 Web.com Group, Inc.
Summary: The organization became aware that a third party might have gained unauthorized access to a limited... [More]
P2020-ND-038 Apr 1 2020 Master Paints Institute (MPI) Canada, Inc.
Summary: The organization discovered a vulnerability in the shopping cart function on its website that... [More]
P2020-ND-037 Mar 30 2020 Mosaic Primary Care Network
Summary: An employee’s email account was compromised and used to impersonate an external software vendor. A... [More]
P2020-ND-036 Mar 17 2020 LifeLabs Inc.
Summary: A cyberattack involving unauthorized access to two web servers and two databases occurred. The... [More]
P2020-ND-035 Mar 9 2020 Chamberlain Group, Inc.
Summary: The organization discovered that a call center employee had not followed mandated security... [More]
P2020-ND-034 Mar 9 2020 SkipTheDishes Restaurant Services Inc.
Summary: The organization found account takeovers occurred as a result of individuals having lost control of... [More]
P2020-ND-033 Mar 9 2020 Guardian Law Group LLP
Summary: The organization was contacted by another law firm that reported it had received a suspicious email... [More]
P2020-ND-032 Mar 6 2020 Parvus Therapeutics Inc.
Summary: A consultant who provides human resource services to the organization was targeted with a phishing... [More]
P2020-ND-031 Mar 5 2020 Lethbridge Community Out of School Association
Summary: An employee of the organization was on a short term leave and the organization was looking for... [More]
P2020-ND-030 Mar 4 2020 Sprott Money Ltd.
Summary: The organization’s website was compromised as a result of malicious code uploaded by an... [More]
P2020-ND-029 Mar 4 2020 The Canada Life Assurance Company
Summary: The organization contacted a residential tenant regarding her parking rent. The individual advised... [More]
P2020-ND-028 Mar 4 2020 Syncrude Canada Inc.
Summary: An employee who was ill was assessed by a nurse on-site and sent home. The employee mentioned that... [More]
P2020-ND-027 Mar 4 2020 News America Marketing Digital LLC
Summary: The organization learned an unauthorized third party attempted to gain access to Checkout 51... [More]
P2020-ND-026 Mar 4 2020 Association of Professional Engineers and Geoscientists of Alberta
Summary: An employee’s email/laptop was accessed without authorization. Phishing emails were received by... [More]
P2020-ND-025 Mar 4 2020 PAR Technology Corporation
Summary: The organization found that 11 employee email accounts were accessed without authorization. The... [More]
P2020-ND-024 Mar 3 2020 StockX LLC
Summary: The organization found that an unknown third party had been able to gain unauthorized access to... [More]
P2020-ND-023 Mar 3 2020 Economical Mutual Insurance Company
Summary: An independent insurance claims adjusting firm engaged by the organization to adjust property... [More]
P2020-ND-022 Feb 21 2020 Koff Productions
Summary: The OIPC received an email from an employee of another provincial government stating he had... [More]
P2020-ND-021 Feb 14 2020 National Baseball Hall of Fame and Museum
Summary: An unauthorized third party injected malicious code into the organization’s web store. The incident... [More]
P2020-ND-020 Feb 14 2020 Skip The Dishes Restaurant Services Inc.
Summary: Unknown individual(s) used credential stuffing to gain access to the organization’s courier... [More]
P2020-ND-019 Feb 14 2020 RBC Life Insurance Company
Summary: The organization emailed a claimant’s letter to the claimant’s employer in error. The letter was... [More]
P2020-ND-018 Feb 13 2020 Health Standards Organization (HSO) and Accreditation Canada (AC)
Summary: The organization's IT systems were impacted by ransomware that encrypts all data on the infected... [More]
P2020-ND-017 Feb 13 2020 PetroChina Canada Ltd.
Summary: Malware was discovered on an end user laptop. The incident affected one individual in Alberta, and... [More]
P2020-ND-016 Feb 13 2020 Quarterhill Inc.
Summary: An employee responsible for human resource functions used a corporate owned laptop to access a file... [More]
P2020-ND-015 Feb 13 2020 Kearns, Brinen & Monaghan
Summary: Two employees of the organization each received a phishing email with a hyperlink. The employees... [More]
P2020-ND-014 Feb 13 2020 First National Financial LP
Summary: The account credentials of an employee of the organization were compromised during a credential... [More]
P2020-ND-013 Feb 13 2020 Leafly Holdings, Inc.
Summary: The organization was contacted by a security researcher who advised that he had obtained a set of... [More]
P2020-ND-012 Feb 13 2020 OrthoAccel Technologies, Inc.
Summary: The organization confirmed one of its email account users was the victim of a phishing event that... [More]
P2020-ND-011 Feb 12 2020 Omista Credit Union Limited
Summary: The organization was made aware of an email phishing incident that affected a number of its... [More]
P2020-ND-010 Feb 12 2020 The Driving Force Inc.
Summary: The organization discovered that, due to a phishing scheme, an unauthorized third party gained... [More]
P2020-ND-009 Feb 11 2020 Servus Credit Union Ltd.
Summary: An unauthorized individual was able to successfully access a member’s account. The incident... [More]
P2020-ND-008 Feb 11 2020 Beakerhead Creative Society
Summary: The organization was not able to determine whether an email distribution list that had been... [More]
P2020-ND-007 Feb 11 2020 Eye Safety Systems, Inc.
Summary: The organization concluded that an unauthorized individual or group extracted personal information... [More]
P2020-ND-006 Feb 11 2020 Rifco National Auto Finance
Summary: An employee was conversing by email with a customer and inadvertently used the ongoing email string... [More]
P2020-ND-005 Feb 11 2020 Manufacturers Life Insurance Company of Canada
Summary: Anomalous activity on the organization's group retirements business' plan member website appeared... [More]
P2020-ND-004 Feb 11 2020 Feld Entertainment, Inc.
Summary: The organization confirmed unauthorized access to certain employee accounts related to a phishing... [More]
P2020-ND-003 Jan 31 2020 Employer's Resource Council
Summary: The organization determined that an unauthorized actor accessed two of its employees' email... [More]
P2020-ND-002 Jan 31 2020 Carl's Golfland
Summary: A webshell was inserted into the organization’s website through a vulnerability and brute force... [More]
P2020-ND-001 Jan 31 2020 Industrial Alliance Insurance and Financial Services Inc.
Summary: The email account of a representative of the organization was accessed as the result of a phishing... [More]