OIPC Logo

Breach Notification Decisions

2021

The Personal Information Protection Act requires breach notification to the Commissioner and affected individuals by private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.

The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.

The Commissioner also makes available certain decisions made under the Health Information Act. A custodian may decide not to give notice of a breach where they believe notification to an affected individual could reasonably be expected to result in a risk of harm to the individual’s mental of physical health (section 60.1(5)). When deciding not to give notice, the custodian must notify the Commissioner. The Commissioner may confirm the custodian’s decision not to notify or by order require notice to the affected individual (section 85.1(2)).

Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.

Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.

  • Year:
  • Legislation:
  • Search:
Page: of 1
Decision Date Body
P2021-ND-112 Mar 31 2021 Worldwide Insurance Services, LLC
Summary: The organization determined that an unauthorized party may have obtained credentials to two... [More]
P2021-ND-110 Apr 7 2021 Nodor International Limited (trading as Red Dragon Darts)
Summary: The organization's website was compromised by malicious code that collected data from the payment... [More]
P2021-ND-109 Mar 31 2021 Adventus Opportunity Fund
Summary: Social insurance numbers were visible through envelope windows, as a result of an incorrect... [More]
P2021-ND-108 Mar 31 2021 Salta Gymnastics Club
Summary: A hidden audio device was found behind a picture frame in the organization's staff room. The... [More]
P2021-ND-107 Apr 7 2021 Opportunity International Canada
Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More]
P2021-ND-106 Mar 31 2021 Tamarack Psychology
Summary: A phishing attack led to unauthorized access to an email account. The incident affected 64 Alberta... [More]
P2021-ND-105 Mar 31 2021 CM Group Holdings, Inc. d/b/a Creative Memories
Summary: Credit and debit card information for certain transactions may have been subject to unauthorized... [More]
P2021-ND-104 Mar 31 2021 Richardson GMP Ltd.
Summary: An investment advisor sent portfolio evaluations about a client to the wrong recipient. The... [More]
P2021-ND-103 Mar 31 2021 Penguin Random House Canada
Summary: A mailing error resulted in tax slips being sent to the wrong recipients. The incident affected... [More]
P2021-ND-102 Mar 31 2021 Best Buy Canada Ltd.
Summary: An SSD card used to back up computer data was lost. The incident affected one individual.
P2021-ND-101 Mar 31 2021 Alberta School Employee Benefit Plan
Summary: An individual received in error a statement about psychological treatment not being covered through... [More]
P2021-ND-100 Mar 31 2021 The Globe and Mail Inc.
Summary: A customer service representative, employed by a third party service provider, used a customer's... [More]
P2021-ND-099 Mar 31 2021 Ivanhoe Cambridge
Summary: An unauthorized script was placed on the organization's ecommerce website, which is maintained by a... [More]
P2021-ND-098 Mar 31 2021 NBA Media Ventures, LLC
Summary: An unauthorized intruder accessed a computer server that contained information about individuals... [More]
P2021-ND-096 Mar 30 2021 Carscallen LLP
Summary: A statement of benefits was lost while being transported from a home office to the organization's... [More]
P2021-ND-094 Mar 30 2021 Bunzl North America
Summary: Order information from a website may have been exposed to an unauthorized third party. The... [More]
P2021-ND-093 Mar 30 2021 Laura Gilligan, Occupational Therapist
Summary: A document was shared with the wrong email address. The incident affected two individuals in... [More]
P2021-ND-092 Mar 30 2021 Oklahoma Department of Securities
Summary: A firewall vulnerability made a server accessible. The incident affected 13 individuals in Alberta.
P2021-ND-091 Mar 30 2021 Gray Monk Estate Winery
Summary: A document containing personal information was inadvertently attached to an email. The incident... [More]
P2021-ND-090 Mar 30 2021 Samsung Electronics Canada Inc.
Summary: A third party service provider's employee was subject to a phishing attack. Personal information... [More]
P2021-ND-089 Mar 16 2021 AUPE
Summary: A staff member’s laptop was stolen from their vehicle. The incident affected three members, as well... [More]
P2021-ND-087 Mar 16 2021 Society of Composers, Authors and Music Publishers of Canada (SOCAN)
Summary: An employee of the organization posted files containing royalty statements to certain members'... [More]
P2021-ND-086 Mar 16 2021 Houzz Inc.
Summary: The organization was contacted by a security researcher about a data file the researcher had... [More]
P2021-ND-085 Mar 16 2021 College and Association of Registered Nurses of Alberta
Summary: Two employees stored documentation intended for shredding in bins which were mistaken for recycling... [More]
P2021-ND-083 Mar 16 2021 Trans Union Consumer Interactive, Inc.
Summary: The organization's Canadian consumer-facing website was subject to a credential stuffing attack.... [More]
P2021-ND-082 Mar 16 2021 Yellow Pages Digital & Media Solutions Limited
Summary: An email appearing to be from a senior executive of the organization was from an unauthorized... [More]
P2021-ND-079 Mar 9 2021 CDSPI
Summary: An employee with the organization inadvertently enclosed a copy of an individual’s application for... [More]
P2021-ND-078 Mar 9 2021 Geo Logic Systems Ltd.
Summary: A third party contractor notified the organization that a data breach had occurred which consisted... [More]
P2021-ND-076 Mar 9 2021 Saybrook University
Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More]
P2021-ND-075 Mar 9 2021 Rooster Teeth Productions, LLC
Summary: The organization discovered that malicious code had been added to its ecommerce site. The incident... [More]
P2021-ND-073 Mar 9 2021 Keurig Canada Inc.
Summary: Customer email addresses were mistakenly entered in the CC line, rather than the BCC line for email... [More]
P2021-ND-072 Mar 9 2021 Windward Software Systems Inc.
Summary: The organization was subject to a cyberattack, including ransomware. The incident affected 148... [More]
P2021-ND-071 Mar 9 2021 Direct Energy Marketing Limited
Summary: A service provider to the organization was subject to a ransomware attack. The incident affected... [More]
P2021-ND-070 Mar 9 2021 POWER Engineers, Inc.
Summary: The organization investigated and determined that there was unauthorized access to certain email... [More]
P2021-ND-068 Mar 9 2021 Sun Life Financial
Summary: The organization sent a letter to the wrong client. The incident affected one Alberta resident.
P2021-ND-067 Mar 9 2021 Boardwalk Rental Communities
Summary: Multiple documents and electronic devices were stolen from the organization's premises. The... [More]
P2021-ND-066 Mar 9 2021 Rifco National Auto Finance
Summary: A void cheque from a customer was inadvertently emailed to another customer. The incident affected... [More]
P2021-ND-064 Mar 9 2021 Rocky Mountain House Society dba Rocky Mountain Support Services Society
Summary: The organization experienced a ransomware attack. The incident affected approximately 113... [More]
P2021-ND-062 Mar 9 2021 Employee Benefit Funds Administration Ltd.
Summary: An employee with the organization inadvertently switched two claims cheques and the cheques were... [More]
P2021-ND-061 Mar 9 2021 Natural Gas Employees' Association
Summary: Information at issue was circulated via email and posted on the organization's secure website. The... [More]
P2021-ND-060 Mar 9 2021 GroupHEALTH Family of Companies
Summary: An employee's email account was accessed by an unauthorized third party. The incident affected... [More]
P2021-ND-059 Mar 9 2021 Marchand Psychological Services
Summary: The organization's office was broken into and session notes went missing. The incident affected 11... [More]
P2021-ND-058 Mar 9 2021 PPI Management Inc.
Summary: A phishing attack compromised approximately seven email accounts. The incident affected 5,117... [More]
P2021-ND-057 Mar 9 2021 Desjardins Financial Security
Summary: An employee of the organization accessed and used personal information of a number of group... [More]
P2021-ND-056 Mar 9 2021 Desjardins Group
Summary: The organization learned from police that one of its employees exfiltrated client personal... [More]
P2021-ND-055 Mar 9 2021 Sustainable Produce Urban Delivery, Inc.
Summary: A phishing attack resulted in a third party setting up an email forwarding rule. The incident... [More]
P2021-ND-053 Mar 2 2021 Edmonton Humane Society
Summary: Personal information was mistakenly published on the organization's website.
P2021-ND-052 Mar 2 2021 AppCarouselDirect Inc.
Summary: An employee of a third party service provider to the organization improperly accessed and collected... [More]
P2021-ND-051 Mar 2 2021 Trans Union of Canada Inc.
Summary: The organization determined that the user credentials for one of its corporate customers had been... [More]
P2021-ND-050 Mar 2 2021 Canbriam Energy Inc.
Summary: An employee of a service provider to the organization improperly accessed and collected some of the... [More]
P2021-ND-049 Mar 2 2021 Life Fitness, a division of Brunswick Corporation
Summary: The organization received an email from a third party security firm advising that it had discovered... [More]
P2021-ND-048 Mar 2 2021 Alberta College and Association of Opticians
Summary: The organization's website was hacked and the unauthorized users granted themselves administration... [More]
P2021-ND-047 Mar 2 2021 BlockFi, Inc.
Summary: The organization was subject to a phishing attack after an employee's smartphone SIM card had been... [More]
P2021-ND-046 Mar 2 2021 Rifco National Auto Finance
Summary: An email thread with a customer was inadvertently sent to a different customer. The incident... [More]
P2021-ND-045 Mar 2 2021 RedBloom Salons
Summary: A storage locker was broken into and paper files were stolen. The incident affected 54 Alberta... [More]
P2021-ND-044 Mar 2 2021 The Country Day School
Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More]
P2021-ND-043 Mar 2 2021 Belden Canada ULC
Summary: An unauthorized third party gained access to the organization's business servers. The incident... [More]
P2021-ND-042 Mar 2 2021 CDN Controls Ltd.
Summary: The organization was subject to a ransomware attack. The incident affected 870 Alberta residents.
P2021-ND-041 Mar 2 2021 Kroto Inc., dba iCanvas
Summary: Unauthorized script was placed on the checkout page in the organization's website. The incident... [More]
P2021-ND-040 Mar 2 2021 Brookfield Residential Properties Inc.
Summary: A phishing attack led to unauthorized access to the organization's network(s). The incident... [More]
P2021-ND-039 Mar 2 2021 ivari
Summary: Insurance policy contracts were placed into incorrect courier packages and then were delivered to... [More]
P2021-ND-038 Feb 23 2021 Claire’s Store Inc.
Summary: Unauthorized code was identified on the organization's ecommerce site. The incident affected five... [More]
P2021-ND-037 Feb 23 2021 Leduc Mechanical Industries Inc.
Summary: An individual acted as though they were an employee of a third party service provider. The... [More]
P2021-ND-036 Feb 23 2021 ivari
Summary: An insurance advisor's car was broken into and a briefcase containing laptops and paper files was... [More]
P2021-ND-034 Feb 23 2021 Best Buy Canada Ltd.
Summary: A computer sent for repair was lost in transit. The incident affected one individual.
P2021-ND-032 Feb 23 2021 Southgate Medallion Family Day Homes Ltd.
Summary: A staff member's vehicle was stolen. The vehicle contained an unencrypted USB drive with personal... [More]
P2021-ND-031 Feb 23 2021 Raymond James Financial Planning Ltd.
Summary: A contract was lost in transit. The incident affected one Alberta resident.
P2021-ND-030 Feb 23 2021 Young Men’s Christian Association of Edmonton (YMCA of Northern Alberta)
Summary: An emergency bag containing information about 11 children in care was stolen from an employee's... [More]
P2021-ND-029 Feb 23 2021 DIRTT Environmental Solutions Ltd.
Summary: A spreadsheet containing personal information was inadvertently sent to the organization's internal... [More]
P2021-ND-028 Feb 23 2021 Herbers Autobody Repair Inc.
Summary: A staff member opened a phishing email attachment that contained malware. The incident affected... [More]
P2021-ND-026 Feb 23 2021 Frederick W. Howarth III d/b/a TBG West Insurance Services
Summary: The organization was subject to a ransomware attack. The incident affected 41 Alberta residents.
P2021-ND-025 Feb 23 2021 YogaFit Training Systems Worldwide, Inc.
Summary: The organization was subject to a cyberattack that resulted in unauthorized access to customers'... [More]
P2021-ND-024 Feb 23 2021 American Public Works Association
Summary: Customer information was accessed without authorization through the organization's online store.... [More]
P2021-ND-023 Feb 23 2021 Pivot Technology Solutions Inc.
Summary: The organization was subject to a ransomware attack. The incident affected 156 Canadians, including... [More]
P2021-ND-022 Feb 23 2021 Mitten Building Products
Summary: An unauthorized individual accessed some employee email accounts. The incident affected 91... [More]
P2021-ND-021 Feb 23 2021 Branksome Hall
Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More]
P2021-ND-020 Feb 23 2021 Edmonton Soccer Association Facilities
Summary: The organization's office was broken into. The perpetrator(s) went through numerous filing cabinets... [More]
P2021-ND-019 Feb 23 2021 Victoria’s Secret Store Brand Management, LLC
Summary: The organization learned that an unauthorized individual gained access to personal information in... [More]
P2021-ND-018 Feb 16 2021 Christian Labour Association of Canada
Summary: Job profiles were inadvertently made available to search crawlers for indexing in search engines.... [More]
P2021-ND-016 Feb 16 2021 JTI-Macdonald Corporation
Summary: Salary compensation information was inadvertently made publicly available on a cloud server. The... [More]
P2021-ND-015 Feb 16 2021 Richardson GMP Ltd.
Summary: An administrative error caused an investment update document to be inadvertently mailed to out of... [More]
P2021-ND-014 Feb 16 2021 Salta Gymnastics Club
Summary: A board meeting was audiotaped, including the ‘in camera’ session where two employees’ employment... [More]
P2021-ND-013 Feb 16 2021 Association of Professional Engineers and Geoscientists of Alberta
Summary: The organization sent reminder notices on overdue continuing professional development submissions... [More]
P2021-ND-012 Feb 15 2021 Connect First Credit Union Ltd.
Summary: A printing error by a third party vendor led to financial investment renewal notices including some... [More]
P2021-ND-010 Feb 16 2021 Best Buy Canada Ltd.
Summary: A booklet containing a form with personal information was misplaced. The incident affected 67... [More]
P2021-ND-009 Feb 16 2021 Aurora Cannabis Enterprises Inc.
Summary: The organization was subject to a cyberattack involving unauthorized access to its SharePoint... [More]
P2021-ND-008 Mar 31 2021 Servus Credit Union Ltd.
Summary: An error in the printing and folding of tax receipts resulted in social insurance numbers being... [More]
P2021-ND-007 Feb 16 2021 ATB Financial
Summary: An employee's vehicles was broken into and a backpack containing an encrypted laptop, encrypted... [More]
P2021-ND-006 Feb 16 2021 Don Wheaton Chevrolet GMC Buick Cadillac Ltd.
Summary: A phishing email was opened which activated malware. The incident affected 4,000 Alberta residents.
P2021-ND-005 Feb 16 2021 Ridley College School
Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More]
P2021-ND-004 Feb 16 2021 London Life Insurance Company
Summary: An insurance contract was lost during transit. The incident affected three individuals in Alberta.
P2021-ND-003 Jan 26 2021 AltaSteel, Inc.
Summary: An email forwarding rule was set up without authorization. Three email accounts were sending emails... [More]
P2021-ND-002 Jan 26 2021 Deluxe Small Business Sales Inc., operating as MAC Highway
Summary: The organization discovered that the password for an administrative portal was compromised and an... [More]
P2021-ND-001 Jan 26 2021 Custom Electric Ltd.
Summary: A phishing attempt resulted in an internal email, with employee payroll earning statements... [More]
Page: of 1
Loading... Please Wait