Loading... Please Wait
The Personal Information Protection Act requires breach notification to the Commissioner and affected individuals by private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
The Commissioner also makes available certain decisions made under the Health Information Act. A custodian may decide not to give notice of a breach where they believe notification to an affected individual could reasonably be expected to result in a risk of harm to the individual’s mental of physical health (section 60.1(5)). When deciding not to give notice, the custodian must notify the Commissioner. The Commissioner may confirm the custodian’s decision not to notify or by order require notice to the affected individual (section 85.1(2)).
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
| Decision | Date | Body |
|---|---|---|
| P2021-ND-132 | May 18 2021 | Warner Music Group Corporation |
| Summary: An unauthorized third party compromised a number of websites hosted by a third party service... [More] | ||
| P2021-ND-131 | May 18 2021 | J.V. Driver Corporation Inc. |
| Summary: An employee was subject to a phishing attack. The incident affected 2,389 Alberta residents. | ||
| P2021-ND-130 | May 18 2021 | Minto Multi-Residential Income Partners I, IP |
| Summary: An office was broken into and rental application packages and personal cheques were stolen. The... [More] | ||
| P2021-ND-129 | May 12 2021 | Bombas LLC |
| Summary: The organization discovered malicious code was placed on its e-commerce website hosted by a third... [More] | ||
| P2021-ND-128 | May 12 2021 | Leede Jones Gable Inc. |
| Summary: An employee was subject to a phishing attack. The incident affected 22 individuals, including two... [More] | ||
| P2021-ND-124 | Apr 27 2021 | Relevant Radio |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-123 | Apr 27 2021 | Savers, Inc. |
| Summary: An employee was subject to a phishing attack. The incident affected 147 individuals, including two... [More] | ||
| P2021-ND-122 | Apr 27 2021 | Rakuten Kobo Inc. |
| Summary: An employee was subject to a phishing attack. The incident affected 189 individuals, including 14... [More] | ||
| P2021-ND-121 | Apr 27 2021 | Blue Buffalo Company, Ltd. |
| Summary: An unauthorized party gained access to the organization’s network via the exploitation of a... [More] | ||
| P2021-ND-120 | Apr 27 2021 | Century 21 Department Stores LLC |
| Summary: The organization found unauthorized code on its website. The incident affected 7,213 individuals,... [More] | ||
| P2021-ND-119 | Apr 27 2021 | World Financial Group Canada Inc. |
| Summary: A password protected laptop containing client information was stolen from a locked vehicle. The... [More] | ||
| P2021-ND-118 | Apr 27 2021 | Mountain View Credit Union |
| Summary: The organization inadvertently mailed an annual post-review letter and a non-compliance letter to... [More] | ||
| P2021-ND-117 | Apr 27 2021 | Luxottica of America Inc. |
| Summary: An automated attack was carried out against the organization's scheduling application. The incident... [More] | ||
| P2021-ND-115 | Apr 20 2021 | Expedia |
| Summary: An attacker may have gained access to personal information stored on an online platform, which the... [More] | ||
| P2021-ND-113 | Apr 20 2021 | The Results Companies, LLC |
| Summary: The organization discovered unauthorized access to an employee's email account. The incident... [More] | ||
| P2021-ND-112 | Mar 31 2021 | Worldwide Insurance Services, LLC |
| Summary: The organization determined that an unauthorized party may have obtained credentials to two... [More] | ||
| P2021-ND-110 | Apr 7 2021 | Nodor International Limited (trading as Red Dragon Darts) |
| Summary: The organization's website was compromised by malicious code that collected data from the payment... [More] | ||
| P2021-ND-109 | Mar 31 2021 | Adventus Opportunity Fund |
| Summary: Social insurance numbers were visible through envelope windows, as a result of an incorrect... [More] | ||
| P2021-ND-108 | Mar 31 2021 | Salta Gymnastics Club |
| Summary: A hidden audio device was found behind a picture frame in the organization's staff room. The... [More] | ||
| P2021-ND-107 | Apr 7 2021 | Opportunity International Canada |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-106 | Mar 31 2021 | Tamarack Psychology |
| Summary: A phishing attack led to unauthorized access to an email account. The incident affected 64 Alberta... [More] | ||
| P2021-ND-105 | Mar 31 2021 | CM Group Holdings, Inc. d/b/a Creative Memories |
| Summary: Credit and debit card information for certain transactions may have been subject to unauthorized... [More] | ||
| P2021-ND-104 | Mar 31 2021 | Richardson GMP Ltd. |
| Summary: An investment advisor sent portfolio evaluations about a client to the wrong recipient. The... [More] | ||
| P2021-ND-103 | Mar 31 2021 | Penguin Random House Canada |
| Summary: A mailing error resulted in tax slips being sent to the wrong recipients. The incident affected... [More] | ||
| P2021-ND-102 | Mar 31 2021 | Best Buy Canada Ltd. |
| Summary: An SSD card used to back up computer data was lost. The incident affected one individual. | ||
| P2021-ND-101 | Mar 31 2021 | Alberta School Employee Benefit Plan |
| Summary: An individual received in error a statement about psychological treatment not being covered through... [More] | ||
| P2021-ND-100 | Mar 31 2021 | The Globe and Mail Inc. |
| Summary: A customer service representative, employed by a third party service provider, used a customer's... [More] | ||
| P2021-ND-099 | Mar 31 2021 | Ivanhoe Cambridge |
| Summary: An unauthorized script was placed on the organization's ecommerce website, which is maintained by a... [More] | ||
| P2021-ND-098 | Mar 31 2021 | NBA Media Ventures, LLC |
| Summary: An unauthorized intruder accessed a computer server that contained information about individuals... [More] | ||
| P2021-ND-096 | Mar 30 2021 | Carscallen LLP |
| Summary: A statement of benefits was lost while being transported from a home office to the organization's... [More] | ||
| P2021-ND-094 | Mar 30 2021 | Bunzl North America |
| Summary: Order information from a website may have been exposed to an unauthorized third party. The... [More] | ||
| P2021-ND-093 | Mar 30 2021 | Laura Gilligan, Occupational Therapist |
| Summary: A document was shared with the wrong email address. The incident affected two individuals in... [More] | ||
| P2021-ND-092 | Mar 30 2021 | Oklahoma Department of Securities |
| Summary: A firewall vulnerability made a server accessible. The incident affected 13 individuals in Alberta. | ||
| P2021-ND-091 | Mar 30 2021 | Gray Monk Estate Winery |
| Summary: A document containing personal information was inadvertently attached to an email. The incident... [More] | ||
| P2021-ND-090 | Mar 30 2021 | Samsung Electronics Canada Inc. |
| Summary: A third party service provider's employee was subject to a phishing attack. Personal information... [More] | ||
| P2021-ND-089 | Mar 16 2021 | AUPE |
| Summary: A staff member’s laptop was stolen from their vehicle. The incident affected three members, as well... [More] | ||
| P2021-ND-087 | Mar 16 2021 | Society of Composers, Authors and Music Publishers of Canada (SOCAN) |
| Summary: An employee of the organization posted files containing royalty statements to certain members'... [More] | ||
| P2021-ND-086 | Mar 16 2021 | Houzz Inc. |
| Summary: The organization was contacted by a security researcher about a data file the researcher had... [More] | ||
| P2021-ND-085 | Mar 16 2021 | College and Association of Registered Nurses of Alberta |
| Summary: Two employees stored documentation intended for shredding in bins which were mistaken for recycling... [More] | ||
| P2021-ND-083 | Mar 16 2021 | Trans Union Consumer Interactive, Inc. |
| Summary: The organization's Canadian consumer-facing website was subject to a credential stuffing attack.... [More] | ||
| P2021-ND-082 | Mar 16 2021 | Yellow Pages Digital & Media Solutions Limited |
| Summary: An email appearing to be from a senior executive of the organization was from an unauthorized... [More] | ||
| P2021-ND-079 | Mar 9 2021 | CDSPI |
| Summary: An employee with the organization inadvertently enclosed a copy of an individual’s application for... [More] | ||
| P2021-ND-078 | Mar 9 2021 | Geo Logic Systems Ltd. |
| Summary: A third party contractor notified the organization that a data breach had occurred which consisted... [More] | ||
| P2021-ND-076 | Mar 9 2021 | Saybrook University |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-075 | Mar 9 2021 | Rooster Teeth Productions, LLC |
| Summary: The organization discovered that malicious code had been added to its ecommerce site. The incident... [More] | ||
| P2021-ND-073 | Mar 9 2021 | Keurig Canada Inc. |
| Summary: Customer email addresses were mistakenly entered in the CC line, rather than the BCC line for email... [More] | ||
| P2021-ND-072 | Mar 9 2021 | Windward Software Systems Inc. |
| Summary: The organization was subject to a cyberattack, including ransomware. The incident affected 148... [More] | ||
| P2021-ND-071 | Mar 9 2021 | Direct Energy Marketing Limited |
| Summary: A service provider to the organization was subject to a ransomware attack. The incident affected... [More] | ||
| P2021-ND-070 | Mar 9 2021 | POWER Engineers, Inc. |
| Summary: The organization investigated and determined that there was unauthorized access to certain email... [More] | ||
| P2021-ND-068 | Mar 9 2021 | Sun Life Financial |
| Summary: The organization sent a letter to the wrong client. The incident affected one Alberta resident. | ||
| P2021-ND-067 | Mar 9 2021 | Boardwalk Rental Communities |
| Summary: Multiple documents and electronic devices were stolen from the organization's premises. The... [More] | ||
| P2021-ND-066 | Mar 9 2021 | Rifco National Auto Finance |
| Summary: A void cheque from a customer was inadvertently emailed to another customer. The incident affected... [More] | ||
| P2021-ND-064 | Mar 9 2021 | Rocky Mountain House Society dba Rocky Mountain Support Services Society |
| Summary: The organization experienced a ransomware attack. The incident affected approximately 113... [More] | ||
| P2021-ND-062 | Mar 9 2021 | Employee Benefit Funds Administration Ltd. |
| Summary: An employee with the organization inadvertently switched two claims cheques and the cheques were... [More] | ||
| P2021-ND-061 | Mar 9 2021 | Natural Gas Employees' Association |
| Summary: Information at issue was circulated via email and posted on the organization's secure website. The... [More] | ||
| P2021-ND-060 | Mar 9 2021 | GroupHEALTH Family of Companies |
| Summary: An employee's email account was accessed by an unauthorized third party. The incident affected... [More] | ||
| P2021-ND-059 | Mar 9 2021 | Marchand Psychological Services |
| Summary: The organization's office was broken into and session notes went missing. The incident affected 11... [More] | ||
| P2021-ND-058 | Mar 9 2021 | PPI Management Inc. |
| Summary: A phishing attack compromised approximately seven email accounts. The incident affected 5,117... [More] | ||
| P2021-ND-057 | Mar 9 2021 | Desjardins Financial Security |
| Summary: An employee of the organization accessed and used personal information of a number of group... [More] | ||
| P2021-ND-056 | Mar 9 2021 | Desjardins Group |
| Summary: The organization learned from police that one of its employees exfiltrated client personal... [More] | ||
| P2021-ND-055 | Mar 9 2021 | Sustainable Produce Urban Delivery, Inc. |
| Summary: A phishing attack resulted in a third party setting up an email forwarding rule. The incident... [More] | ||
| P2021-ND-053 | Mar 2 2021 | Edmonton Humane Society |
| Summary: Personal information was mistakenly published on the organization's website. | ||
| P2021-ND-052 | Mar 2 2021 | AppCarouselDirect Inc. |
| Summary: An employee of a third party service provider to the organization improperly accessed and collected... [More] | ||
| P2021-ND-051 | Mar 2 2021 | Trans Union of Canada Inc. |
| Summary: The organization determined that the user credentials for one of its corporate customers had been... [More] | ||
| P2021-ND-050 | Mar 2 2021 | Canbriam Energy Inc. |
| Summary: An employee of a service provider to the organization improperly accessed and collected some of the... [More] | ||
| P2021-ND-049 | Mar 2 2021 | Life Fitness, a division of Brunswick Corporation |
| Summary: The organization received an email from a third party security firm advising that it had discovered... [More] | ||
| P2021-ND-048 | Mar 2 2021 | Alberta College and Association of Opticians |
| Summary: The organization's website was hacked and the unauthorized users granted themselves administration... [More] | ||
| P2021-ND-047 | Mar 2 2021 | BlockFi, Inc. |
| Summary: The organization was subject to a phishing attack after an employee's smartphone SIM card had been... [More] | ||
| P2021-ND-046 | Mar 2 2021 | Rifco National Auto Finance |
| Summary: An email thread with a customer was inadvertently sent to a different customer. The incident... [More] | ||
| P2021-ND-045 | Mar 2 2021 | RedBloom Salons |
| Summary: A storage locker was broken into and paper files were stolen. The incident affected 54 Alberta... [More] | ||
| P2021-ND-044 | Mar 2 2021 | The Country Day School |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-043 | Mar 2 2021 | Belden Canada ULC |
| Summary: An unauthorized third party gained access to the organization's business servers. The incident... [More] | ||
| P2021-ND-042 | Mar 2 2021 | CDN Controls Ltd. |
| Summary: The organization was subject to a ransomware attack. The incident affected 870 Alberta residents. | ||
| P2021-ND-041 | Mar 2 2021 | Kroto Inc., dba iCanvas |
| Summary: Unauthorized script was placed on the checkout page in the organization's website. The incident... [More] | ||
| P2021-ND-040 | Mar 2 2021 | Brookfield Residential Properties Inc. |
| Summary: A phishing attack led to unauthorized access to the organization's network(s). The incident... [More] | ||
| P2021-ND-039 | Mar 2 2021 | ivari |
| Summary: Insurance policy contracts were placed into incorrect courier packages and then were delivered to... [More] | ||
| P2021-ND-038 | Feb 23 2021 | Claire’s Store Inc. |
| Summary: Unauthorized code was identified on the organization's ecommerce site. The incident affected five... [More] | ||
| P2021-ND-037 | Feb 23 2021 | Leduc Mechanical Industries Inc. |
| Summary: An individual acted as though they were an employee of a third party service provider. The... [More] | ||
| P2021-ND-036 | Feb 23 2021 | ivari |
| Summary: An insurance advisor's car was broken into and a briefcase containing laptops and paper files was... [More] | ||
| P2021-ND-034 | Feb 23 2021 | Best Buy Canada Ltd. |
| Summary: A computer sent for repair was lost in transit. The incident affected one individual. | ||
| P2021-ND-032 | Feb 23 2021 | Southgate Medallion Family Day Homes Ltd. |
| Summary: A staff member's vehicle was stolen. The vehicle contained an unencrypted USB drive with personal... [More] | ||
| P2021-ND-031 | Feb 23 2021 | Raymond James Financial Planning Ltd. |
| Summary: A contract was lost in transit. The incident affected one Alberta resident. | ||
| P2021-ND-030 | Feb 23 2021 | Young Men’s Christian Association of Edmonton (YMCA of Northern Alberta) |
| Summary: An emergency bag containing information about 11 children in care was stolen from an employee's... [More] | ||
| P2021-ND-029 | Feb 23 2021 | DIRTT Environmental Solutions Ltd. |
| Summary: A spreadsheet containing personal information was inadvertently sent to the organization's internal... [More] | ||
| P2021-ND-028 | Feb 23 2021 | Herbers Autobody Repair Inc. |
| Summary: A staff member opened a phishing email attachment that contained malware. The incident affected... [More] | ||
| P2021-ND-026 | Feb 23 2021 | Frederick W. Howarth III d/b/a TBG West Insurance Services |
| Summary: The organization was subject to a ransomware attack. The incident affected 41 Alberta residents. | ||
| P2021-ND-025 | Feb 23 2021 | YogaFit Training Systems Worldwide, Inc. |
| Summary: The organization was subject to a cyberattack that resulted in unauthorized access to customers'... [More] | ||
| P2021-ND-024 | Feb 23 2021 | American Public Works Association |
| Summary: Customer information was accessed without authorization through the organization's online store.... [More] | ||
| P2021-ND-023 | Feb 23 2021 | Pivot Technology Solutions Inc. |
| Summary: The organization was subject to a ransomware attack. The incident affected 156 Canadians, including... [More] | ||
| P2021-ND-022 | Feb 23 2021 | Mitten Building Products |
| Summary: An unauthorized individual accessed some employee email accounts. The incident affected 91... [More] | ||
| P2021-ND-021 | Feb 23 2021 | Branksome Hall |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-020 | Feb 23 2021 | Edmonton Soccer Association Facilities |
| Summary: The organization's office was broken into. The perpetrator(s) went through numerous filing cabinets... [More] | ||
| P2021-ND-019 | Feb 23 2021 | Victoria’s Secret Store Brand Management, LLC |
| Summary: The organization learned that an unauthorized individual gained access to personal information in... [More] | ||
| P2021-ND-018 | Feb 16 2021 | Christian Labour Association of Canada |
| Summary: Job profiles were inadvertently made available to search crawlers for indexing in search engines.... [More] | ||
| P2021-ND-016 | Feb 16 2021 | JTI-Macdonald Corporation |
| Summary: Salary compensation information was inadvertently made publicly available on a cloud server. The... [More] | ||
| P2021-ND-015 | Feb 16 2021 | Richardson GMP Ltd. |
| Summary: An administrative error caused an investment update document to be inadvertently mailed to out of... [More] | ||
| P2021-ND-014 | Feb 16 2021 | Salta Gymnastics Club |
| Summary: A board meeting was audiotaped, including the ‘in camera’ session where two employees’ employment... [More] | ||
| P2021-ND-013 | Feb 16 2021 | Association of Professional Engineers and Geoscientists of Alberta |
| Summary: The organization sent reminder notices on overdue continuing professional development submissions... [More] | ||
| P2021-ND-012 | Feb 15 2021 | Connect First Credit Union Ltd. |
| Summary: A printing error by a third party vendor led to financial investment renewal notices including some... [More] | ||
| P2021-ND-010 | Feb 16 2021 | Best Buy Canada Ltd. |
| Summary: A booklet containing a form with personal information was misplaced. The incident affected 67... [More] | ||
| P2021-ND-009 | Feb 16 2021 | Aurora Cannabis Enterprises Inc. |
| Summary: The organization was subject to a cyberattack involving unauthorized access to its SharePoint... [More] | ||
| P2021-ND-008 | Mar 31 2021 | Servus Credit Union Ltd. |
| Summary: An error in the printing and folding of tax receipts resulted in social insurance numbers being... [More] | ||
| P2021-ND-007 | Feb 16 2021 | ATB Financial |
| Summary: An employee's vehicles was broken into and a backpack containing an encrypted laptop, encrypted... [More] | ||
| P2021-ND-006 | Feb 16 2021 | Don Wheaton Chevrolet GMC Buick Cadillac Ltd. |
| Summary: A phishing email was opened which activated malware. The incident affected 4,000 Alberta residents. | ||
| P2021-ND-005 | Feb 16 2021 | Ridley College School |
| Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
| P2021-ND-004 | Feb 16 2021 | London Life Insurance Company |
| Summary: An insurance contract was lost during transit. The incident affected three individuals in Alberta. | ||
| P2021-ND-003 | Jan 26 2021 | AltaSteel, Inc. |
| Summary: An email forwarding rule was set up without authorization. Three email accounts were sending emails... [More] | ||
| P2021-ND-002 | Jan 26 2021 | Deluxe Small Business Sales Inc., operating as MAC Highway |
| Summary: The organization discovered that the password for an administrative portal was compromised and an... [More] | ||
| P2021-ND-001 | Jan 26 2021 | Custom Electric Ltd. |
| Summary: A phishing attempt resulted in an internal email, with employee payroll earning statements... [More] | ||
Copyright 2021 OIPC. All rights reserved.