
In 2010, under the Personal Information Protection Act, Alberta became the first jurisdiction in Canada to require breach notification from private sector organizations where there exists "a real risk of significant harm" to an individual as a result of the loss or unauthorized access to or disclosure of personal information.
The Commissioner publicly makes available the decisions where a real risk of significant harm was identified and notification to affected individuals was required. Decisions where there was no real risk of significant harm identified are not published.
Note: The search function for the table is limited to the content in the table, such as body name and summary. It does not scan all PDFs. However, the general search function in the top navigation of the website scans PDFs during a search.
Although the OIPC makes every effort to ensure that all information posted on the website is accurate and complete, the OIPC cannot guarantee its integrity. If there is any discrepancy between the information posted on our website and the original paper versions, the original paper document is authoritative.
Decision | Date | Body |
---|---|---|
P2020-ND-201 | Jan 4 2021 | Pacific Oaks College |
Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
P2020-ND-200 | Dec 16 2020 | The Chicago School of Professional Psychology |
Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
P2020-ND-199 | Dec 16 2020 | Luxury Hotels International of Canada ULC, a wholly owned, indirect subsidiary of Marriott International, Inc. |
Summary: The organization discovered on separate occasions unauthorized lookup activity of guest reservation... [More] | ||
P2020-ND-198 | Dec 16 2020 | Heart and Stroke Foundation |
Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
P2020-ND-197 | Dec 16 2020 | Food Banks Canada |
Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
P2020-ND-193 | Dec 16 2020 | car2go NA, LLC and car2go Canada Ltd. dba as SHARE NOW |
Summary: An unauthorized third party used North American IP addresses to perpetrate a brute force,... [More] | ||
P2020-ND-189 | Dec 16 2020 | Audio Visual Services Group, LLC d/b/a PSAV |
Summary: The organization learned that an unauthorized party had gained remote access to certain employees’... [More] | ||
P2020-ND-188 | Dec 16 2020 | Leibel Insurance Group |
Summary: A copy of personal information used as a sample in a separate database was accessed by an... [More] | ||
P2020-ND-187 | Dec 16 2020 | KandyPens, Inc. |
Summary: The organization determined that an unauthorized user gained access to the organization's online... [More] | ||
P2020-ND-186 | Dec 16 2020 | SimpleTax Software Inc. |
Summary: The organization was subject to a credential stuffing attack, which resulted in unauthorized... [More] | ||
P2020-ND-185 | Dec 8 2020 | SalonBiz |
Summary: The organization detected unusual activity in an employee's email account and determined that the... [More] | ||
P2020-ND-177 | Dec 3 2020 | Sun Life Assurance Company of Canada |
Summary: The organization sent a claim status letter to the individual's employer benefits general email... [More] | ||
P2020-ND-176 | Dec 3 2020 | ENMAX Corporation |
Summary: An employee was subject to a targeted phishing attack. A malicious email directed the user to a... [More] | ||
P2020-ND-175 | Dec 3 2020 | Mattress Insider LLC |
Summary: An unauthorized entity added malicious script to the organization’s payment gateway on a website it... [More] | ||
P2020-ND-174 | Dec 3 2020 | Connect First Credit Union Ltd. |
Summary: An email was sent to an individual with an attachment containing a completed statement of affairs... [More] | ||
P2020-ND-173 | Dec 3 2020 | Shady Hill School |
Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
P2020-ND-172 | Dec 3 2020 | Olson Curling Inc. |
Summary: A service provider's truck was stolen, which contained the organization's files. The incident... [More] | ||
P2020-ND-171 | Dec 3 2020 | Ambrose University |
Summary: A third party service provider to the organization was subject to a ransomware attack. The incident... [More] | ||
P2020-ND-170 | Dec 3 2020 | MEM Psychological Services Inc. |
Summary: The organization sent an email to clients informing them how to access virtual services. The email... [More] | ||
P2020-ND-169 | Dec 1 2020 | 1883865 Alberta Ltd. / Knoxville’s Tavern |
Summary: Due to a technical error, the organization emailed T4s to incorrect recipients. The incident... [More] | ||
P2020-ND-168 | Dec 1 2020 | ivari |
Summary: A password protected laptop and a bag containing client files were stolen from a vehicle. The... [More] | ||
P2020-ND-167 | Dec 1 2020 | Boardwalk Rental Communities |
Summary: A number of items were stolen from one of the organization's leasing offices. The incident affected... [More] | ||
P2020-ND-166 | Dec 1 2020 | Minted LLC |
Summary: An unauthorized actor gained access and obtained information from the organization’s user account... [More] | ||
P2020-ND-165 | Nov 24 2020 | LiveAuctioneers, LCC |
Summary: A service provider to the organization was subject to a cyberattack, and some records were posted... [More] | ||
P2020-ND-164 | Nov 24 2020 | Special Olympics Alberta Association |
Summary: A volunteer with the organization had a binder containing personal information stolen from her car.... [More] | ||
P2020-ND-163 | Nov 24 2020 | ivari |
Summary: A courier package containing a paramedical form was received but the form went missing. The... [More] | ||
P2020-ND-162 | Nov 24 2020 | World Financial Group Insurance Agency of Canada Inc. |
Summary: An employee's vehicle was stolen, and a password protected laptop containing client information and... [More] | ||
P2020-ND-161 | Nov 24 2020 | LUS Brands Inc. |
Summary: An email service provider to the organization suffered a security breach. An unauthorized third... [More] | ||
P2020-ND-160 | Nov 20 2020 | Hyde's Distrubtion |
Summary: Malware known as a web skimmer script was used on one of the organization's websites. The incident... [More] | ||
P2020-ND-159 | Nov 20 2020 | Canadian Fertilizers Limited (a wholly owned subsidiary of CF Industries Holdings, Inc.) |
Summary: A third party gained unauthorized access to a server through a brute force attack of a single... [More] | ||
P2020-ND-158 | Nov 20 2020 | You Can Trade Inc., a subsidiary of TradeStation Group Inc. |
Summary: A developer made an unauthorized back up copy of the organization’s database and website, and... [More] | ||
P2020-ND-157 | Nov 20 2020 | Ashbury College |
Summary: A service provider for the organization was subject to a ransomware attack. The incident affected... [More] | ||
P2020-ND-156 | Nov 20 2020 | Cognizant Technology Solutions Canada Inc. |
Summary: The organization was subject to a ransomware attack. The incident affected 14 Alberta residents. | ||
P2020-ND-155 | Nov 20 2020 | Burgundy Asset Management Ltd. |
Summary: An employee of the organization clicked on a phishing email and entered his login credentials for... [More] | ||
P2020-ND-154 | Nov 20 2020 | Goodman Mintz LLP |
Summary: The organization was subject to a ransomware attack. The incident affected approximately 902... [More] | ||
P2020-ND-153 | Nov 20 2020 | E.H. Wachs |
Summary: Unauthorized individuals installed ransomware on some of the organization's servers. The incident... [More] | ||
P2020-ND-152 | Nov 20 2020 | Canadian Back Institute Operating Limited Partnership |
Summary: A payroll administrator's password was compromised, resulting in unauthorized access to a... [More] | ||
P2020-ND-151 | Nov 20 2020 | Combat Network Inc. |
Summary: The organization was targeted by threat actors who gained unauthorized access to its network... [More] | ||
P2020-ND-150 | Nov 20 2020 | Industrial Alliance Insurance and Financial Services Inc., on behalf of its wholly owned subsidiaries Industrial Alliance Securities Inc. and Investia Financial Services Inc. |
Summary: As a result of a phishing incident, unauthorized spam messages containing malicious links were sent... [More] | ||
P2020-ND-149 | Nov 20 2020 | PCL Constructors Inc. |
Summary: An unknown third party accessed the database of a service provider for the organization. The... [More] | ||
P2020-ND-148 | Nov 17 2020 | Arbonne International LLC |
Summary: The organization discovered an unauthorized attempt to access its secure servers, and determined... [More] | ||
P2020-ND-147 | Nov 17 2020 | Eastern Virginia Medical School |
Summary: The organization determined that an unauthorized user had gained access to four email accounts for... [More] | ||
P2020-ND-146 | Nov 17 2020 | Drillinginfo, Inc. (Enverus) |
Summary: A service provider advised the organization that a technical issue with a password recovery process... [More] | ||
P2020-ND-145 | Nov 17 2020 | FitFabFun, Inc., a Delaware corporation |
Summary: A third party installed malicious code on the shop extension of the organization’s website, using... [More] | ||
P2020-ND-143 | Nov 6 2020 | Co-operators General Insurance Company and Co-operators Life Insurance Company |
Summary: The organization found that a former employee used a client's credit card number to fraudulently... [More] | ||
P2020-ND-142 | Nov 6 2020 | Bird Construction, Inc. |
Summary: The organization was subject to a ransomware attack. The incident affected approximately 498... [More] | ||
P2020-ND-141 | Nov 6 2020 | Xpedient Logistics |
Summary: The organization experienced a phishing incident involving unauthorized access to employee email... [More] | ||
P2020-ND-140 | Nov 3 2020 | Law Society of Alberta |
Summary: The email account of an employee of the organization was hacked and several hundred phishing emails... [More] | ||
P2020-ND-139 | Nov 3 2020 | Servus Credit Union Ltd. |
Summary: A fraudulent impersonator with knowledge of personal information and credit card information was... [More] | ||
P2020-ND-138 | Nov 3 2020 | American Association of Nurse Anesthetists |
Summary: A malicious script designed to capture payment card information was discovered on the... [More] | ||
P2020-ND-137 | Nov 3 2020 | V.A. MacDonald Q.C., Barrister & Solicitor |
Summary: A hard drive was stolen from an IT service provider's vehicle. The incident affected approximately... [More] | ||
P2020-ND-135 | Nov 3 2020 | Connect Logistics Services Inc., and its affiliates, including DHL Global Forwarding (Canada) Inc., which are subsidiaries of Deutsche Post AG |
Summary: An intruder compromised an employee's payroll system account. The intrusion arose from a phishing... [More] | ||
P2020-ND-134 | Nov 3 2020 | ATB Financial |
Summary: Files were stolen from one of the organization's locations. The incident affected three... [More] | ||
P2020-ND-133 | Nov 3 2020 | DBH Law |
Summary: The organization filed forms but inadvertently included copies that disclosed the personal... [More] | ||
P2020-ND-132 | Nov 3 2020 | CNOOC Petroleum North America ULC |
Summary: An employee sent an email to a number of individuals and inadvertently attached the wrong document... [More] | ||
P2020-ND-130 | Oct 30 2020 | VersaCold Logistics Services |
Summary: Eight laptops were stolen from the organization's office. The incident affected 3,200 individuals,... [More] | ||
P2020-ND-129 | Oct 30 2020 | The Brenda Strafford Foundation Ltd. |
Summary: An attachment containing the information at issue was sent out with employee pay stubs in error.... [More] | ||
P2020-ND-128 | Oct 30 2020 | Kalispell Regional Healthcare |
Summary: A phishing email led several employees to unknowingly provide their login credentials to malicious... [More] | ||
P2020-ND-127 | Oct 27 2020 | StorageVault Canada Inc. dba Access Storage |
Summary: Physical records with client information were stolen from a storage locker the organization owned.... [More] | ||
P2020-ND-126 | Oct 27 2020 | Wayside Technology Group, Inc. |
Summary: The organization discovered unusual activity in it email system and determined personal information... [More] | ||
P2020-ND-125 | Oct 27 2020 | Atria Senior Living |
Summary: An email phishing incident resulted in suspicious activity related to certain employee email... [More] | ||
P2020-ND-124 | Oct 27 2020 | PFSL Investments (Canada) Ltd. |
Summary: An independent sales representative hard her purse stolen. The purse contained the personal... [More] | ||
P2020-ND-123 | Oct 27 2020 | OnePlus Technology (Shenzhen) Co., Ltd. |
Summary: An unauthorized individual was able to access data relating to other users and their orders on the... [More] | ||
P2020-ND-122 | Oct 27 2020 | College and Association of Registered Nurses of Alberta |
Summary: The information at issue was mistakenly disclosed to a member having the same first name as another... [More] | ||
P2020-ND-119 | Oct 27 2020 | HSBC InvestDirect |
Summary: Due to a system misconfiguration, the organization inadvertently mailed a customer's mutual fund... [More] | ||
P2020-ND-118 | Oct 27 2020 | Eye Buy Direct, Inc. |
Summary: The organization determined its systems showed signs of intrusions, but it could not confirm how or... [More] | ||
P2020-ND-117 | Oct 26 2020 | Raytheon Canada Limited |
Summary: An unauthorized party exploited a vulnerability in a third-party technology the organization uses... [More] | ||
P2020-ND-116 | Oct 2 2020 | NorthShore University HealthSystem |
Summary: The organization's third party service provider reported that cyber criminals obtained access to... [More] | ||
P2020-ND-115 | Oct 2 2020 | Evangelical Fellowship of Canada |
Summary: The organization's third party service provider experienced a ransomware attack. The incident... [More] | ||
P2020-ND-114 | Oct 2 2020 | Kayden Industries LP |
Summary: The organization reported that it appeared some its personnel files might have been compromised by... [More] | ||
P2020-ND-113 | Sep 25 2020 | Apeetogosan (Metis) Development Inc. |
Summary: The organization found its computer system was affected by a ransomware attack that caused its... [More] | ||
P2020-ND-112 | Sep 25 2020 | Employee Benefit Funds Administration Ltd. |
Summary: An employee with the organization inadvertently switched two claims documents and mailed them to... [More] | ||
P2020-ND-111 | Sep 24 2020 | CNOOC Petroleum North America ULC |
Summary: The organization discovered that the first employee had authorized access to a spreadsheet of... [More] | ||
P2020-ND-110 | Sep 24 2020 | Rockyview Gas Co-op Ltd. |
Summary: The organization mistakenly printed notices double sided for customers with overdue accounts. As a... [More] | ||
P2020-ND-109 | Sep 24 2020 | CPA Western School of Business |
Summary: An employee with the organization clicked on a phishing email, which created a rule that... [More] | ||
P2020-ND-108 | Sep 24 2020 | Real Estate Council of Alberta |
Summary: An unknown individual gained unauthorized access to an employee email account through a phishing... [More] | ||
P2020-ND-107 | Sep 24 2020 | CAM LLP |
Summary: An employees with the organization had her car stolen, including a briefcase with hard copies of... [More] | ||
P2020-ND-106 | Sep 24 2020 | ZipRecruiter Inc. |
Summary: The organization discovered that the unique login credentials of 30 client-user accounts had been... [More] | ||
P2020-ND-105 | Sep 23 2020 | Carnival Cruise Line a division of Carnival Corporation |
Summary: An intruder deleted two databases from a job portal hosted by a third party. The incident affected... [More] | ||
P2020-ND-104 | Sep 23 2020 | Namaste Technologies, Inc. |
Summary: An employee of the organization noticed unsolicited emails had been received at internal email... [More] | ||
P2020-ND-103 | Sep 23 2020 | College of Physicians and Surgeons of Alberta |
Summary: A hearing tribunal decision was published to the organization’s website and released to the media... [More] | ||
P2020-ND-102 | Sep 17 2020 | SkipTheDishes Restaurant Services Inc. |
Summary: The organization discovered a malicious actor performed a credential-stuffing attack by testing... [More] | ||
P2020-ND-101 | Sep 17 2020 | Economical Insurance and its subsidiary, Sonnet Insurance Company |
Summary: An employee received a phishing email from an unknown third party. The email included a hyperlink... [More] | ||
P2020-ND-100 | Sep 17 2020 | Maplebear Inc., dba Instacart |
Summary: The organization identified evidence that employees of its service provider accessed more shopper... [More] | ||
P2020-ND-099 | Sep 3 2020 | MNP LLP and related subsidiaries and affiliates |
Summary: The organization reported its systems were encrypted as a result of a cybersecurity incident. The... [More] | ||
P2020-ND-097 | Sep 3 2020 | Railworks Corporation |
Summary: The organization was the victim of a cyberattack in which an unauthorized third party encrypted its... [More] | ||
P2020-ND-096 | Sep 3 2020 | Ply Gem Residential Solutions |
Summary: The organization discovered that an unauthorized individual may have accessed certain employees’... [More] | ||
P2020-ND-095 | Sep 3 2020 | Accor Services Canada Inc. |
Summary: A service provider for the organization discovered a file containing personal information on a... [More] | ||
P2020-ND-094 | Sep 2 2020 | Medicine Hat Family Young Men’s Christian Association |
Summary: An employee with the organization sent an email contact list containing guardians’ contact... [More] | ||
P2020-ND-093 | Sep 2 2020 | Teck Highland Valley Cooper Corporation |
Summary: Due to an incorrect mail merge operation, pension benefit statements sent to former employees were... [More] | ||
P2020-ND-092 | Sep 1 2020 | Neptune Wellness Solutions Inc. |
Summary: The organization's networks were encrypted by an unknown actor. The incident affected 345... [More] | ||
P2020-ND-091 | Sep 1 2020 | Zoosk, Inc. |
Summary: An unauthorized third party gained access to the Organization’s data stored in a database hosted by... [More] | ||
P2020-ND-089 | Jul 28 2020 | Dubsmash Inc. and Mobile Motion GmbH (collectively, Dubsmash) |
Summary: After a reporter contact the organization about the sale of potentially stolen information, the... [More] | ||
P2020-ND-088 | Jul 28 2020 | Howard & Associates Psychological Services |
Summary: The organization’s office was broken into, and the intruders stole intake forms from two employee... [More] | ||
P2020-ND-087 | Jul 28 2020 | Alberta Society of Professional Biologists |
Summary: A laptop went missing, and it may have stored an event attendees list. The incident affected 27... [More] | ||
P2020-ND-086 | Jul 28 2020 | Running Room Canada |
Summary: The organization’s web security team identified an SQL injection and confirmed unauthorized access... [More] | ||
P2020-ND-085 | Jul 28 2020 | Nicola Wealth Management Ltd. |
Summary: The organization discovered an unknown third party temporarily gained access to the CEO’s email... [More] | ||
P2020-ND-084 | Jul 24 2020 | The Canada Life Assurance Company |
Summary: Due to an administrative and system error, a plan member logged into the system and was able to see... [More] | ||
P2020-ND-083 | Jul 24 2020 | IPC Investment Corporation |
Summary: An advisor with the organization prepared documents to send to a client for completion, but entered... [More] | ||
P2020-ND-081 | Jul 24 2020 | Westward Advisors Ltd. |
Summary: A phishing attack against the organization was successful. The attacker also created a similar but... [More] | ||
P2020-ND-080 | Jul 24 2020 | Rifco National Auto Finance Corporation |
Summary: Two letters were inadvertently sent to two incorrect cell phone numbers. The incident affected two... [More] | ||
P2020-ND-079 | Jul 24 2020 | Servus Credit Union |
Summary: A briefcase was stolen from a Red Deer branch of the organization. The incident affected 21... [More] | ||
P2020-ND-078 | Jul 24 2020 | ivari |
Summary: A life insurance policy contract was placed in an incorrect courier envelope package. The incident... [More] | ||
P2020-ND-077 | Jul 24 2020 | Pfizer Canada ULC |
Summary: The organization found that an unauthorized third party gained access to one of its payroll service... [More] | ||
P2020-ND-076 | Jul 24 2020 | Carnival Corporation & plc and its subsidiaries and brands |
Summary: The organization discovered that an unauthorized third party gained access to some employee email... [More] | ||
P2020-ND-075 | Jul 17 2020 | Capital Region Housing Corporation |
Summary: Tenants who failed to pay their rent were issued notices to vacate. The site manager who did the... [More] | ||
P2020-ND-074 | Jul 17 2020 | Hanna Andersson, LLC |
Summary: Law enforcement informed the organization that credit cards used on its website were available for... [More] | ||
P2020-ND-073 | Jul 16 2020 | Justin Warsylewicz |
Summary: A vehicle belonging to the organization was broken into and a travel bag was stolen. The incident... [More] | ||
P2020-ND-072 | Jul 16 2020 | Industrial Alliance Insurance and Financial Services Inc. |
Summary: An insurance broker's briefcase, which included an insurance policy contract with personal... [More] | ||
P2020-ND-071 | Jul 16 2020 | ExecuPharm, Inc. |
Summary: The organization's data network was compromised by a cyber ransomware event conducted by malicious... [More] | ||
P2020-ND-070 | Jul 15 2020 | Midwest Surveys Inc. |
Summary: A series of emails, with a link to virus payload, was sent out from an employee's email account.... [More] | ||
P2020-ND-069 | Jul 15 2020 | Marval Capital Ltd. |
Summary: The organization's general email account was used to send out phishing emails. The incident... [More] | ||
P2020-ND-068 | Jul 15 2020 | Tupperware U.S., Inc. |
Summary: The organization identified unauthorized code had been inserted onto e-commerce websites. The... [More] | ||
P2020-ND-067 | Jul 15 2020 | Pomeroy Lodging LP |
Summary: The organization's office was broken into and multiple laptops and some paper files were stolen.... [More] | ||
P2020-ND-066 | Jul 15 2020 | Capital Brands Distribution, LLC |
Summary: The organization determined that an unauthorized user changed the website's checkout page to... [More] | ||
P2020-ND-065 | Jul 13 2020 | WESCO Distribution Inc. |
Summary: An employee's email account was compromised through a phishing email. The unknown actor placed an... [More] | ||
P2020-ND-064 | Jul 13 2020 | Tenaris Group / TMK IPSCO Canada Ltd. |
Summary: The organization identified a lack of security controls for certain files stored in a temporary... [More] | ||
P2020-ND-063 | Jul 13 2020 | King Defence |
Summary: An employee with the organization had his vehicle broken into and a cellphone was stolen. The... [More] | ||
P2020-ND-062 | Jun 5 2020 | Lorne Steinberg Wealth Management Inc. |
Summary: The organization determined that an unknown external actor gained access to the email accounts and... [More] | ||
P2020-ND-061 | Jun 5 2020 | Mountain Equipment Co-op |
Summary: The organization ran a pilot marketing campaign during which it sent the personal information at... [More] | ||
P2020-ND-060 | May 29 2020 | Servus Credit Union Ltd. |
Summary: An email containing mortgage renewal documents for an individual was sent to an unknown recipient... [More] | ||
P2020-ND-059 | May 29 2020 | Avenue Living Communities Ltd. |
Summary: The organization became aware that an unknown and unauthorized actor had altered an employee's... [More] | ||
P2020-ND-058 | Jun 12 2020 | Investors Group Financial Services Inc. |
Summary: A hacker gained access to the clients’ (husband and wife) email account and then proceeded to pose... [More] | ||
P2020-ND-057 | May 29 2020 | ATB Financial |
Summary: A team member's vehicle was stolen, which had in it a laptop and mortgage application paper... [More] | ||
P2020-ND-056 | May 29 2020 | Lightspeed Technologies, Inc. |
Summary: Customers of the organization reported receiving spoofed emails attempting to change the account... [More] | ||
P2020-ND-055 | May 25 2020 | Attia Law Group |
Summary: A lawyer with the organization lost a binder in the Edmonton Provincial Courthouse. The binder... [More] | ||
P2020-ND-054 | May 22 2020 | Flexiti Financial Inc. |
Summary: The organization received an email from someone purporting to be a hacker and claiming to have... [More] | ||
P2020-ND-053 | May 22 2020 | Synergen Housing Corporation Ltd. |
Summary: Personal information in meeting minutes was not redacted prior to the minutes being distributed to... [More] | ||
P2020-ND-052 | May 22 2020 | Solium Capital UI-C |
Summary: The organization reported that one of its contracted service providers determined that a former... [More] | ||
P2020-ND-051 | May 22 2020 | ATB Financial |
Summary: A safe was stolen from one of the organization's locations. The incident affected 15 Alberta... [More] | ||
P2020-ND-050 | May 21 2020 | Master-Bilt Refrigeration Solutions |
Summary: An unauthorized person accessed the email account of one of the organization's employees. A number... [More] | ||
P2020-ND-047 | May 19 2020 | iA Financial Group |
Summary: A vehicle belonging to an insurance agent working with the organization was broken into, and a... [More] | ||
P2020-ND-046 | May 19 2020 | Grape Holding, NV |
Summary: An unauthorized user accessed the organization’s reservation portfolios on a third party system.... [More] | ||
P2020-ND-045 | May 1 2020 | London Life Insurance Company |
Summary: A completed insurance application was mailed from an advisor's office in Edson to the... [More] | ||
P2020-ND-044 | May 1 2020 | Servus Credit Union Ltd. |
Summary: An employee of the organization verbally disclosed information about a loan application to an... [More] | ||
P2020-ND-043 | May 1 2020 | ivari |
Summary: An insurance advisor's car was broken into and a laptop was stolen. The information at issue was... [More] | ||
P2020-ND-042 | Apr 20 2020 | Carly Buffalo RMT |
Summary: A home office was broken into and a laptop containing the information at issue was stolen. The... [More] | ||
P2020-ND-041 | Apr 20 2020 | TrueFire LLC |
Summary: The organization discovered that an unauthorized person gained access to its computer system and... [More] | ||
P2020-ND-040 | Apr 8 2020 | Co-operators General Insurance Company |
Summary: During a claim investigation process, the organization’s claims representative provided licence... [More] | ||
P2020-ND-039 | Apr 1 2020 | Web.com Group, Inc. |
Summary: The organization became aware that a third party might have gained unauthorized access to a limited... [More] | ||
P2020-ND-038 | Apr 1 2020 | Master Paints Institute (MPI) Canada, Inc. |
Summary: The organization discovered a vulnerability in the shopping cart function on its website that... [More] | ||
P2020-ND-037 | Mar 30 2020 | Mosaic Primary Care Network |
Summary: An employee’s email account was compromised and used to impersonate an external software vendor. A... [More] | ||
P2020-ND-036 | Mar 17 2020 | LifeLabs Inc. |
Summary: A cyberattack involving unauthorized access to two web servers and two databases occurred. The... [More] | ||
P2020-ND-035 | Mar 9 2020 | Chamberlain Group, Inc. |
Summary: The organization discovered that a call center employee had not followed mandated security... [More] | ||
P2020-ND-034 | Mar 9 2020 | SkipTheDishes Restaurant Services Inc. |
Summary: The organization found account takeovers occurred as a result of individuals having lost control of... [More] | ||
P2020-ND-033 | Mar 9 2020 | Guardian Law Group LLP |
Summary: The organization was contacted by another law firm that reported it had received a suspicious email... [More] | ||
P2020-ND-032 | Mar 6 2020 | Parvus Therapeutics Inc. |
Summary: A consultant who provides human resource services to the organization was targeted with a phishing... [More] | ||
P2020-ND-031 | Mar 5 2020 | Lethbridge Community Out of School Association |
Summary: An employee of the organization was on a short term leave and the organization was looking for... [More] | ||
P2020-ND-030 | Mar 4 2020 | Sprott Money Ltd. |
Summary: The organization’s website was compromised as a result of malicious code uploaded by an... [More] | ||
P2020-ND-029 | Mar 4 2020 | The Canada Life Assurance Company |
Summary: The organization contacted a residential tenant regarding her parking rent. The individual advised... [More] | ||
P2020-ND-028 | Mar 4 2020 | Syncrude Canada Inc. |
Summary: An employee who was ill was assessed by a nurse on-site and sent home. The employee mentioned that... [More] | ||
P2020-ND-027 | Mar 4 2020 | News America Marketing Digital LLC |
Summary: The organization learned an unauthorized third party attempted to gain access to Checkout 51... [More] | ||
P2020-ND-026 | Mar 4 2020 | Association of Professional Engineers and Geoscientists of Alberta |
Summary: An employee’s email/laptop was accessed without authorization. Phishing emails were received by... [More] | ||
P2020-ND-025 | Mar 4 2020 | PAR Technology Corporation |
Summary: The organization found that 11 employee email accounts were accessed without authorization. The... [More] | ||
P2020-ND-024 | Mar 3 2020 | StockX LLC |
Summary: The organization found that an unknown third party had been able to gain unauthorized access to... [More] | ||
P2020-ND-023 | Mar 3 2020 | Economical Mutual Insurance Company |
Summary: An independent insurance claims adjusting firm engaged by the organization to adjust property... [More] | ||
P2020-ND-022 | Feb 21 2020 | Koff Productions |
Summary: The OIPC received an email from an employee of another provincial government stating he had... [More] | ||
P2020-ND-021 | Feb 14 2020 | National Baseball Hall of Fame and Museum |
Summary: An unauthorized third party injected malicious code into the organization’s web store. The incident... [More] | ||
P2020-ND-020 | Feb 14 2020 | Skip The Dishes Restaurant Services Inc. |
Summary: Unknown individual(s) used credential stuffing to gain access to the organization’s courier... [More] | ||
P2020-ND-019 | Feb 14 2020 | RBC Life Insurance Company |
Summary: The organization emailed a claimant’s letter to the claimant’s employer in error. The letter was... [More] | ||
P2020-ND-018 | Feb 13 2020 | Health Standards Organization (HSO) and Accreditation Canada (AC) |
Summary: The organization's IT systems were impacted by ransomware that encrypts all data on the infected... [More] | ||
P2020-ND-017 | Feb 13 2020 | PetroChina Canada Ltd. |
Summary: Malware was discovered on an end user laptop. The incident affected one individual in Alberta, and... [More] | ||
P2020-ND-016 | Feb 13 2020 | Quarterhill Inc. |
Summary: An employee responsible for human resource functions used a corporate owned laptop to access a file... [More] | ||
P2020-ND-015 | Feb 13 2020 | Kearns, Brinen & Monaghan |
Summary: Two employees of the organization each received a phishing email with a hyperlink. The employees... [More] | ||
P2020-ND-014 | Feb 13 2020 | First National Financial LP |
Summary: The account credentials of an employee of the organization were compromised during a credential... [More] | ||
P2020-ND-013 | Feb 13 2020 | Leafly Holdings, Inc. |
Summary: The organization was contacted by a security researcher who advised that he had obtained a set of... [More] | ||
P2020-ND-012 | Feb 13 2020 | OrthoAccel Technologies, Inc. |
Summary: The organization confirmed one of its email account users was the victim of a phishing event that... [More] | ||
P2020-ND-011 | Feb 12 2020 | Omista Credit Union Limited |
Summary: The organization was made aware of an email phishing incident that affected a number of its... [More] | ||
P2020-ND-010 | Feb 12 2020 | The Driving Force Inc. |
Summary: The organization discovered that, due to a phishing scheme, an unauthorized third party gained... [More] | ||
P2020-ND-009 | Feb 11 2020 | Servus Credit Union Ltd. |
Summary: An unauthorized individual was able to successfully access a member’s account. The incident... [More] | ||
P2020-ND-008 | Feb 11 2020 | Beakerhead Creative Society |
Summary: The organization was not able to determine whether an email distribution list that had been... [More] | ||
P2020-ND-007 | Feb 11 2020 | Eye Safety Systems, Inc. |
Summary: The organization concluded that an unauthorized individual or group extracted personal information... [More] | ||
P2020-ND-006 | Feb 11 2020 | Rifco National Auto Finance |
Summary: An employee was conversing by email with a customer and inadvertently used the ongoing email string... [More] | ||
P2020-ND-005 | Feb 11 2020 | Manufacturers Life Insurance Company of Canada |
Summary: Anomalous activity on the organization's group retirements business' plan member website appeared... [More] | ||
P2020-ND-004 | Feb 11 2020 | Feld Entertainment, Inc. |
Summary: The organization confirmed unauthorized access to certain employee accounts related to a phishing... [More] | ||
P2020-ND-003 | Jan 31 2020 | Employer's Resource Council |
Summary: The organization determined that an unauthorized actor accessed two of its employees' email... [More] | ||
P2020-ND-002 | Jan 31 2020 | Carl's Golfland |
Summary: A webshell was inserted into the organization’s website through a vulnerability and brute force... [More] | ||
P2020-ND-001 | Jan 31 2020 | Industrial Alliance Insurance and Financial Services Inc. |
Summary: The email account of a representative of the organization was accessed as the result of a phishing... [More] | ||
H2020-ND-01 | Dec 9 2020 | Alberta Health Services |
Summary: Alberta Health Services notified the Commissioner, as required by section 60.1(5) of HIA, that it... [More] |
Copyright 2021 OIPC. All rights reserved.