Breach Notification Decisions

The Personal Information Protection Act requires private sector organizations to notify the Commissioner and affected individuals where there exists "a real risk of significant harm" to an individual as a result of a privacy breach (section 34.1).

Decisions where there was a real risk of significant harm are made available. Decisions where there was no real risk of significant harm are not made available.

Under the Health Information Act, the Commissioner may confirm a custodian’s decision not to notify or by order require notice to an affected individual (section 85.1(2)). On occasion, those decisions are published.

Breach Decision | Organization | Summary | Link
P2022-ND-062

Porsche Centre Calgary

A database containing customer personal information was used without authorization by a former employee whose employment was terminated in 2021. The unauthorized access was discovered on or about March 25, 2022, after customers notified the Organization about unsolicited emails received at email addresses “that they have only shared with the dealership.” Some of the affected individuals explained “they had not given consent… to the sender or his organisation” and “have not signed up for the …
P2022-ND-061

Universe Machine Corporation on behalf of Saturn Machine Works Ltd.

The Organization obtains payroll administration services from a third party service provider, Universe Machine Corporation (UMC). The Organization authorized UMC to report the breach on their behalf. On August 12, 2021, UMC was the subject of a ransomware attack. It is believed that the attacker gained access to UMC’s environment via brute force attack against public facing ports. The incident was discovered the following day, August 13, 2021, when one of UMC’s managers attempted to …
P2022-ND-060

Universe Machine Corporation

On August 12, 2021, the Organization was the subject of a ransomware attack. It is believed that the attacker gained access to the environment via brute force attack against public facing ports. The incident was discovered the following day, August 13, 2021, when one of the Organization’s managers attempted to log in to their computer. A ransom demand was also found. In its January 25, 2022 update, the Organization confirmed that “the threat actor obtained …
P2022-ND-059

Canadian Tire Corporation

On August 11, 2022, a threat actor used credentials compromised in previous breaches from unrelated third-party companies to gain access to accounts of users who use the same credentials with the Organization and utilized a configuration error on an application programming interface (API) to circumvent security safeguards. The breach was discovered by the Organization on September 11, 2022. The breach affected certain Triangle Reward accounts and certain Canadian Tire accounts.
P2022-ND-058

DoorDash, Inc.

On July 31, 2022, the Organization noticed suspicious access to a customer service tool from two Alorica user accounts. The Organization promptly launched an investigation in conjunction with Alorica. By August 5, 2022, suspicious activity originating from two additional Alorica user accounts was identified. The investigation determined that the Alorica customer service agents provided their credentials to an unauthorized party in response to an apparent phishing scam. The Organization reported “The unauthorized party was then …
P2022-ND-057

Direct Energy Marketing Limited

On July 19, 2021, the Organization learned that an individual located in India was contacting the Organization’s customers purporting to be a representative of the Organization (the “Fraudster”). The Organization discovered that the Fraudster had been provided authorized access to certain customer information by HCL Technologies Limited (“HCL”). HCL is a contractor that provides customer support services to the Organization. The Fraudster was a customer service agent of HCL located in India who was first …
P2022-ND-056

Stillman LLP

On January 5, 2021, a laptop containing legal documents of four (4) clients of the firm was stolen from a staff member’s vehicle. The Organization reported “the laptop was password secured.”
P2022-ND-054

W.J. Stelmaschuk & Associates, Ltd.

On April 21, 2021, a staff member parked their vehicle at the visitor parking of the client’s apartment complex and went inside to collect the client for an outing. The staff member kept an office bag with the client’s medication administration sheet and communication book with client information in the vehicle (staff are required to take this information with them on outings because they need to deliver personalized services during the outing). The staff member …
P2022-ND-053

Electronic Arts, Inc.

On August 1, 2022, an internal active directory contact list with details of the Organization’s workers and business partners was posted on an underground hacking community channel within the messaging platform, Telegram. The information was then reposted on August 4, 2022, on a different channel on the Telegram platform. The Organization learned of these postings on August 11, 2022. The attacker obtained access to the credentials of a service account (i.e., an account provisioned for …
P2022-ND-052

Victoria’s Secret Stores Brand Management

Between June 5, 2021 and June 6, 2021, the Organization learned that an unauthorized party gained access to personal information in certain online accounts. The Organization determined that the unauthorized access to the online accounts was caused by a credential stuffing bot attack. The Organization reported that the incident did not arise based on a breach of its security safeguards. It reported that the incident involved the apparent reuse of credentials (usernames and passwords) that …
P2022-ND-050

Grant Thornton, LLC

On June 5, 2020, an employee’s email account was accessed by an unauthorized individual. The unauthorized individual then sent phishing emails from the account to others at the Organization. The Organization secured the affected account, and immediately commenced an investigation with the assistance of third-party cybersecurity experts. The Organization reported that no other employee accounts were affected. No other parts of the Organization’s system or business were affected by the incident.
P2022-ND-049

Axis Mortgage Inc.

In the early part of 2020, the affected individuals approached the Organization to assist them in obtaining a mortgage. The affected individuals did not ultimately require mortgage assistance. The Organization closed the file and copies of the information provided by the affected individuals were deleted. Due to an error, a copy of the affected individuals’ information was saved in a separate storage area of the Organization’s computer system under a different client name. On September …
P2022-ND-048

Norwich University

The Organization is a post-secondary educational institute in Vermont, United States of America. Blackbaud Inc. (Blackbaud) provided cloud-based data management services to the Organization. On July 16, 2020, Norwich was notified by Blackbaud that it had discovered and stopped a ransomware attack that occurred in May 2020. Blackbaud experienced a ransomware attack that occurred between February 7, 2020 and May 20, 2020. Blackbaud systems affected by the attack included a database containing certain data related …
P2022-ND-047

Arrow Truck Sales, Inc.

Personnel reported being unable to access the servers and that login credentials had been changed. The Organization determined that on or about November 16, 2020, an unauthorized third party gained access to its network and subsequently acquired some of its internal company information from a server before installing a ransomware program. The unauthorized party posted certain of the Organization’s information on a publicly accessible website. The Organization learned that certain of its customers’ personal information …
P2022-ND-046

L Brands, Inc.

SafetyCall provides adverse event reporting services related to consumer products for the Organization. SafetyCall uses a sub-processor, NetGain, for data hosting services. On November 24, 2020, SafetyCall first became aware of a potential security issue, which culminated in the launch of ransomware on December 3, 2020. On December 14, 2020, SafetyCall informed the Organization that NetGain experienced a potential security incident and started investigating the incident. On January 25, 2021, NetGain informed SafetyCall that the …
P2022-ND-043

Pomeroy Lodging LP

On March 29, 2022, the Organization was alerted of a ransomware attack from one of its hotels. The hackers had access to the Organization’s servers that included payroll information for current and past staff. The Organization’s property management system and the credit card portals for client facing guests were not affected.
P2022-ND-042

Tyler J. Arnold Professional Corporation

On November 18, 2021, a staff’s email was hacked. The Organization’s IT support advised that either the hacker was able to decipher the staff’s email login and password or staff member clicked on a malicious email link. The hacker sent approximately 250 emails with a virus link to contacts from the staff’s account. Some of the contacts called the Organization to report the fraudulent email they received.
P2022-ND-041

Performive, Inc

On or about June 14, 2021, the Organization identified unusual user activity on its network. The Organization determined an unauthorized third party was able to access a portion of its network using a compromised SSH key. The Organization disabled the compromised SSH key. The Organization reported that the unauthorized activity occurred between June 3, 2021 and June 12, 2021. Initially, the Organization believed only encrypted personal information had been accessed. …
P2022-ND-040

Spreadshirt, Inc

Early in July 2021, the Organization discovered evidence of unauthorized access to employee computers. The Organization concluded that a criminal deliberately targeted its network in an attempted ransomware attack. The attacker did not succeed in encrypting the Organization’s systems, however, the Organization believes that the attacker was able to access and copy data from its internal networks. The attacker used a keylogger to acquire employee login credentials and certificates. In …
P2022-ND-039

The Stevens Company Limited

On April 10, 2021, the Organization discovered that it was the victim of a cybersecurity attack by an unauthorized third party. The malicious actor deployed ransomware to encrypt the Organization’s technology infrastructure and to exfiltrate data.
P2022-ND-038

Martin Energy Group Services, LLC

On January 25, 2021, the Organization discovered that it had been subject to a phishing event and business email compromise. The Organization forensics team have been unable to confirm or rule out specific access to individual emails and therefore treated the entirety of the mailboxes as accessed by the unknown third-party actor. The Organization’s investigation was able to establish that the period of unauthorized access spanned from January 19, 2021 to February 3, …
P2022-ND-037

Bow Valley Credit Union Ltd.

On August 6, 2021, a Requirement to Pay (RTP) notice from the CRA was sent to a wrong email address in error. The RTP was sent to an email address of a service provider instead of internally within the Organization. The incident was discovered on October 8, 2021, when the CRA contacted a branch of the Organization asking about the RTP.
P2022-ND-035

K2 Corrosion Fasteners Incorporated

On October 15, 2021, the Organization discovered they were victim to a ransomware attack. The Organization did not determine how the threat actor compromised their network. An investigation did not rule out the possibility that data was accessed or exfiltrated.
P2022-ND-034

InvestX Financial (Canada) Ltd.

On September 24, 2021, the Organization was victim to a ransomware attack. An investigation determined that a threat actor obtained system administrator credentials and exploited “corporate firewalls to access Amazon AWS hosting infrastructures.” The Organization did not rule out the possibility that personal information was exfiltrated.
P2022-ND-033

Willow Park Wines Spirits

On September 28, 2021, the Organization was victim to ransomware. The incident was discovered the following morning when employees were unable to access files. An investigation determined that a “remote worker’s laptop was compromised resulting in a compromised connection to the worker’s onsite computer and the organization’s network. The intruder was able to use access to that computer system to access a shared drive and to deploy the ransomware.” It is not …
P2022-ND-032

Rifco National Auto Finance

On May 8, 2021, an agent with the Organization received a phone call. The caller stated he was told his information was contained in a loan file in case the Organization could not reach the main applicant. The Organization sent a copy of the loan documentation to the caller as a result of the conversation. The Organization subsequently discovered the caller was not listed on the loan agreement. The Organization …
P2022-ND-031

Envision Pharma Group

On or about January 26, 2021, the Organization experienced a ransomware incident. An unauthorized third party gained remote access to certain of its internal computer networks. The Organization determined that the unauthorized third party acquired some non-public data from its networks. The Organization reported that the earliest known date of unauthorized third-party activity was on January 19, 2021. There has been no observed malicious activity since January 26, 2021.
P2022-ND-030

Parkmobile, LLC

On or about March 8, 2021, the Organization became aware of a cybersecurity incident. The incident is linked to a vulnerability in a third-party software. On March 15, 2021, the breach was discovered when the Organization received an email from the unauthorized person who attacked the network. The vulnerability allowed the unauthorized person access to a database table.
P2022-ND-029

Financière des Professionnels

On April 6, 2021, intrusion alerts were triggered by the remote monitoring system. As a result, the Organization became aware of a ransomware-type intrusion directed towards some of its servers. The Organization immediately blocked access to its servers, limiting the scope of the intrusion. On April 13, 2021, the Organization discovered that certain personal information may have been exfiltrated. The Organization reported, “All internal systems remain operational and there has …
P2022-ND-028

Arthur J. Gallagher Canada

On 26 September 2020, the Organization detected a ransomware event affecting its internal systems. The Organization’s investigation determined that an unauthorized party accessed or acquired data contained within certain segments of its network between June 3, 2020 and September 26, 2020. The Organization was able to confirm that certain systems were accessed but it was unable to confirm what information within those systems was, in fact, accessed. The Organization has no …
P2022-ND-027

Medicine Hat Family Young Men’s Christian Association

An employee with the Organization sent an email to 10 of its members without blind carbon copying all recipients. The Organization reviewed the email contents and reported that the content of the email itself did not contain any personal or confidential information. The email was a generic email asking recipients to log into their member portals to update payment information. An email recipient notified the Organization of the error.
P2022-ND-026

Witten LLP

On March 23, 2021, an employee with the Organization was working remotely and had taken files home for reporting. The employee’s vehicle was broken into. The employee subsequently learned that client files/documents were stolen from the vehicle.
P2022-ND-025

Grandin After School Care

On May 5, 2021, the Organization suspected that it experienced a break-in. A staff member with the Organization discovered a room’s Emergency Back Pack, which includes family contact cards, was missing and the room’s window was left open. The Organization reported that the backpack was not recovered.
P2022-ND-024

Financière des Professionnels

On February 11, 2021, the Organization became aware of a business email compromise. Two (2) employees of the Organization alerted it that some of their contacts had received a phishing email. Eight (8) Microsoft Office 365 accounts were found to have been compromised. Phishing emails were sent from an Organization corporate email address to some of its clients. The Organization reported there was no indication that its servers had been accessed. …
P2022-ND-023

Edmonton Meals on Wheels

On January 7, 2021, the Organization discovered that an external backup drive was missing from the server room of its head office in Edmonton, AB. The drive was one of several used to record daily backups of the Organization’s primary data server. The data server from which the backup drive was taken is located in a server room, which requires a keycode to access. The Organization discovered the encryption function on …
P2022-ND-022

Wycliffe Bible Translators of Canada

On January 7, 2021, a donor report with personal information was accidentally sent to an incorrect email address belonging to an unknown user due to a clerical error. The Organization attempted to contact the unintended recipient’s email address, notifying them of the error, and asking them to delete the January 7, 2021 email, which was sent in error. The Organization has not received a response from the unintended recipient.
P2022-ND-021

Nissan Canada Finance

On or about February 4, 2021, a perpetrator unlawfully accessed an Amazon Web Services (AWS) server on three separate instances using two different IP addresses. The perpetrator exploited a vulnerability on one of the Organization’s AWS servers and, upon searching the compromised server, was able to obtain a single salesforce system ID. This ID was of limited scope and the perpetrator used it to access the recent “activity view” of interactions of that specific …
P2022-ND-020

Minnetonka Moccasin Company

On December 29, 2020, the Organization discovered malicious code that was inserted in its e-commerce website. The Organization reported, if working as designed, the malicious code had the capability to capture payment card information. The Organization determined that payment card information might have been exposed for customers who made purchases through minnetonkamoccasin.com between November 25, 2020 and December 25, 2020.
P2022-ND-019

Forest City Trade Group, LLC

On June 24, 2021, the Organization discovered anomalous security activity when a computer administrator’s remote desktop session was interrupted. The Organization determined it was the victim of a ransomware attack. Files and systems were encrypted. The attack began on June 21, 2021.
P2022-ND-018

Mercedes-AMG GMBH

On June 21, 2021, the Organization was made aware that personal data files relating to users of its ‘Private Lounge’ service were being offered for sale on a web forum. The Private Lounge is an internet community platform established and provided by the Organization for owners of Mercedes-AMG vehicles, who could register to join the Private Lounge via an online registration process. An external security researcher reported the sale of the data. …
P2022-ND-017

Carey Management Inc.

On May 9, 2021, the Organization became aware that it was the subject of a cybersecurity incident, which resulted in the unauthorized access of some personal information of current and former employees of Spruce It Up Garden Center Inc. The perpetrators of the cybersecurity incident used malicious software to circumvent security safeguards and were able to obtain unauthorized access to the Organization’s systems. The Organization engaged their third-party security operations center to help rapidly investigate …
P2022-ND-016

Novo Nordisk Canada Inc.

The Organization contracts with Limeade, a third party service provider, to offer the NovoHealth platform to employees. The platform allows employees to track activities to earn rewards in the form of gift cards. In late September 2020, Limeade discovered a third party used automated means to guess usernames and passwords to gain unauthorized access to end users’ accounts. Limeade made product changes and the suspicious activity subsided. In November 2020, Limeade became aware of some …
P2022-ND-015

Debra Jackson, Registered Psychologist

On March 4 or 5, 2021, an employee responded to a phishing email that purported to be from Microsoft. On March 8, 2021, the employee’s email account was hijacked and the employee’s contacts were sent emails requesting they purchase gift cards. The Organization was notified by the employee’s contacts that they were receiving strange emails from the employee about gift cards.
P2022-ND-014

Dynamic Insight Corp

On March 1, 2021, the Organization learned that an unauthorized individual accessed an employee email account. Certain email contacts of the employee received phishing emails thereafter. The account may have been accessed as a result of a phishing email. The Organization reported that no claim files were affected.
P2022-ND-013

Connor, Clark & Lunn Private Capital Ltd.

On March 29, 2021, an email record search for a former client was sent to a wrong email address. On April 7, 2021, the Organization’s security team discovered the incident as part of their monitoring processes. They have confirmed no other emails have been sent to this email address.
P2022-ND-012

Defender Industries, Inc.

On April 15, 2021, Defender became aware of malware on its e-commerce platform. Defender submitted the breach occurred on November 22, 2020. Defender took immediate steps to remove the malware and notified its merchant processor as well as Visa, Mastercard, and American Express. On April 23, 2021, it was determined that this incident might involve personal information of certain Defender customers.
P2022-ND-011

AMA Agencies Ltd. o/a AMA Insurance Agency

On April 2, 2021, two employees with the Organization were the subject of a phishing attack. The employees received an email from a threat actor impersonating one of the Organization’s vendors, Premier Marine (Premier Group). The email was sent by (staff name)@PrennierGroup.com (the correct domain name of the vendor is premiergroup.com). The staff at Premier Group is a regular contact at Premier Group that handles issues related to account payment discrepancies. The email requested the Organization …
P2022-ND-010

Raymond James Ltd.

On March 24, 2021, an unknown adversary gained access to the Organization’s Employer Portal on the Indeed.com (Indeed) job-posting platform. Indeed was notified immediately. Access to the Organization’s Employer Account was frozen by Indeed. Password changes were implemented by the Organization. The adversary had access to the Organization’s Employer Portal for approximately 2 hours and 15 minutes on March 24, 2021. During that period of compromise, the adversary sent out the first batch of phishing …
P2022-ND-008

Medical Pharmacies Group Limited

On May 22, 2021, the Organization was victim to a ransomware attack. The incident was discovered the same day by the Organization’s IT personnel. An investigation determined that the attacker may have gained access to personal information of current and former employees. The Organization did not report how the attacker compromised and gained access to their network.
P2022-ND-007

Plains Midstream Canada ULC

The Organization uses a third party service provider (Dynamic Insight Corp. or “Dynamic”) that assists the Organization with short term disability claim management. Dynamic receives the Organization’s employee claim information in order to assist with the provision of this service. On June 22, 2021, Dynamic notified the Organization that a Dynamic employee’s email account was accessed by an unauthorized individual on or about March 1, 2021. Dynamic was unable to determine the cause of the …
P2022-ND-006

Enhance Energy Inc.

On February 16, 2021, unauthorized users logged into the corporate email accounts of five of the Organization’s employees. A total of 32 suspicious logins were identified between February 16, 2021 and April 9, 2021. On April 9, 2021, a failed attempt at wire fraud was discovered when a supplier of Enhance Energy inquired about a payment.
P2022-ND-005

Guess?, Inc.

The Organization recently completed an investigation regarding a cybersecurity incident designed to encrypt files and disrupt business operations. The Organization’s investigation determined that there was unauthorized access to certain of its systems between February 2, 2021 and February 23, 2021. On May 26, 2021, the investigation determined that personal information related to certain individuals might have been accessed or acquired by an unauthorized actor. The Organization said additional work was required to identify addresses for …
P2022-ND-003

Arabian Horse Association

On February 20, 2021, the Organization discovered that it was a victim of a cybersecurity incident. An unauthorized third party may have accessed the Organization’s accounting server. The Organization began measures to restore its operations. However, on March 31, 2021, the Organization experienced a second cybersecurity incident. On April 23, 2021, the Organization determined that an unauthorized third party accessed personal information of certain members and prizewinners on February 20, 2021 and/or March 31, 2021.
P2022-ND-002

Co-operators Group Ltd.

One of the Organization’s insurance claims vendors suffered a malicious attack. On March 14, 2021, a rogue actor compromised the email account of an employee of the vendor. Seven separate connections were made to the email account on this date. The exact duration of those connections is unclear at this time. The rogue actor had the ability to access the email account, but it is unclear to the Organization what was accessed inside the email …
P2022-ND-001

Herff Jones LLC

On April 7, 2021, the Organization became aware of suspicious activity involving certain customers’ payment card information. In late May, the Organization determined that certain customer personal information was subject to unauthorized access. The Organization reported that forensic evidence shows activity related to unauthorized access to and exfiltration of payment card information occurred during the period of January 11 to April 19, 2021.
P2021-ND-345

Yahoo! Inc.

On August 1, 2016, media reported a hacker’s assertion that the Organization’s data had been obtained. The Organization investigated and found evidence suggesting that a copy of certain user account information may have been transferred from the company’s network in November 2014. On September 22, 2016, the Organization announced that a copy of certain user account information had been stolen by what the Organization “continues to believe is a state-sponsored actor”. In a later submission, …
P2021-ND-344

Darren K. Queck Professional Corporation O/A Queck & Associates

On September 25, 2020, the Organization inadvertently emailed the personal information at issue to an unintended recipient due to an error in the email address. The breach was discovered on October 30, 2020.
P2021-ND-343

Advanced Upstream Ltd.

On April 9, 2019, the Organization’s legal counsel sent a letter to a third party organization advising that the affected individual owed certain contractual confidentiality and non-competition obligations to the Organization by virtue of his prior employment. A similar letter was sent to the affected individual to remind him of the confidentiality and noncompetition obligations that he owed to the Organization. The affected individual advised the Organization that the disclosure of his employment agreement was …
P2021-ND-342

Rowland, Parker & Associates LLP

On April 2, 2021, the Organization found it was unable to log into workplace servers. The Organization engaged its IT service provider who determined that threat actors accessed the network and client personal information without authorization. Shortly after discovery, the threat actors contacted the Organization and confirmed the breach. Based on the Organization’s investigation, it is believed that a phishing campaign led to the attack involving ransomware. It is also reported that the threat actors …
P2021-ND-341

Metal-Fab Industries Ltd.

On January 2, 2021, the Organization discovered that it was the victim of a cyber-attack that encrypted its IT environment. The breach was discovered the same day during regular on-site maintenance. The Organization reported that the threat actor’s main interest was a ransom payment.
P2021-ND-340

Olymel LP

The Organization is a subsidiary of the “Sollio Cooperative Group” (Sollio). On November 7, 2020, Sollio suffered a ransomware attack. Sollio’s analysis of the incident determined that the threat actor first gained access to its systems on November 2, 2020. On December 4, 2020, Sollio notified the Organization that personal information about its employees may have been impacted. This was confirmed on May 12, 2021. It is reported that the threat actor published the exfiltrated …
P2021-ND-339

Canpar Express Inc.

On August 19, 2020, the Organization discovered that it was victim to ransomware. The attack began on or about August 13, 2020 when a server was infected with malware. Several strains of malware, use of offensive tools (Cobalt Strike), and lateral movement of the attacker(s) to other systems were reported. On September 14, 2020, the Organization discovered that exfiltrated records were leaked on the Dark Web. It is not known how the attackers initially compromised …
P2021-ND-338

Pureform Diagnostic Imaging Clinics Inc.

On March 20, 2021, the Organization was subject to a ransomware attack (Sodinokibi). The breach was discovered on the same day when employees noticed they were unable to access information on affected systems; a ransom note was also found. The Organization reported that the threat actor gained access to the Organization’s network via a brute-force attack against an employee user account. The threat actor subsequently uploaded the malicious payload and exfiltrated records.
P2021-ND-337

EBM Geoscience Inc.

The Organization was the victim of a business email compromise. The incident was discovered on or about May 19, 2021, when the Organization’s bank representatives inquired about email address changes and a wire transfer authorization request. An investigation determined that two organizational email accounts were compromised as early as May 15, 2021, and were used to initiate fraudulent wire transfers. The Organization did not report how the email accounts were compromised.
P2021-ND-336

ULS Maintenance & Landscaping Inc. and Urban Life Solutions Inc.

The Organization uses a third party service provider, Dayforce. On or about May 27, 2021, a human resources employee was speaking to a former employee who, prior to their termination, worked in payroll administration for the Organization. During that conversation, the former employee made remarks suggesting they had (unauthorized) access to the Organization’s payroll information. The matter was escalated for investigation. In conjunction with Dayforce, the Organization determined “that a Super Admin role had been …
P2021-ND-335

AIG Insurance Company of Canada

On or about September 26, 2020, the Organization was notified by one of its third party claims processors – Arthur J. Gallagher / Gallagher Bassett (collectively, Gallagher) – that Gallagher was the subject of a ransomware attack. “[An] unknown individual accessed or acquired data” from Gallagher’s network between June 3 and September 26, 2020. Initially, the third party reported that data under the control of the Organization was not impacted in the incident. However, “Upon …
P2021-ND-334

Mawer Investment Management Ltd.

On July 9, 2021, an unauthorized actor circumvented multi-factor authentication safeguards and gained access to an employee email account. An investigation determined that the unauthorized access lasted approximately one hour; during the incident, the unauthorized actor conducted searches about financial transactions, browsed email messages, and may have exfiltrated a mailing list.
P2021-ND-333

Audi Canada Inc., and Volkswagen Group Canada Inc.

On March 10, 2021, the Organization was notified that data relating to its customers was in the custody of an unauthorized third party. An investigation determined that “at some point between August 2019 and May 2021,” one of the Organization’s vendors inadvertently set “cloud containers containing [the Organization’s] data to open permissions”. The Organization believes “the threat actor intentionally took the data at issue”.
P2021-ND-332

Americold Realty Trust

On November 15, 2020, the Organization was subject to a ransomware attack. The attack was discovered on the following day, November 16, 2020. An investigation determined that the attacker had access to the Organization’s systems as early as October 29, 2020. In a December 17, 2021 update, the Organization explained that the attacker gained access to the environment by “[exploiting] a vulnerability in a server” and also confirmed that “Certain records were exfiltrated in connection …
P2021-ND-331

Mother Parker’s Tea & Coffee Inc.

On February 28, 2021, the Organization was the subject of a ransomware attack. The Organization’s IT department discovered the incident that day “when the encryptor was executed across systems.” An investigation determined that the initial compromise likely occurred in early February and may have been related to a phishing / spear-phishing campaign. The Organization could not rule out the possibility that data was exfiltrated during the attack.
P2021-ND-330

Soroc Technology Inc.

On May 7, 2021, the Organization was the subject of a ransomware attack. The incident was discovered when a ransom note was received on the same day. An investigation determined that the unauthorized third party may have exfiltrated data. The Organization did not indicate how its environment was breached by the attacker.
P2021-ND-329

Connect First Credit Union Ltd.

On August 6, 2021, a member of the credit union unintentionally logged into another member’s account. The Organization explained that “The impacted member did not change [their] default password, which was originally the same as the username… The [other] member coincidentally used the same username and password when accessing [their] own online account.” The incident was discovered the same day when the member contacted the bank and reported that they were “viewing the account profile …
P2021-ND-328

Home Financing Solutions Inc.

The Organization uses a mortgage application and processing system, Velocity, from the vendor Newton. Between August 14 and 31, 2021, an unauthorized actor gained access to Velocity. They accessed former clients’ mortgage applications and were able to obtain copies of applicants’ credit reports. The Organization became “fully aware” “of a security breach” on or about September 2, 2021, when an affected individual was alerted to an enquiry on their Equifax account; the individual notified the …
P2021-ND-327

Nick Milkovich Architects Inc.

On April 6, 2021, the Organization was subject to a ransomware attack. The incident was discovered on the same day when an employee found they were unable to access their computer. The Organization did not report how the malicious actor gained unauthorized access to conduct the attack.
P2021-ND-326

The King’s University

On March 16, 2021, a member of the Organization’s IT Department attended the Counselling Services office to fix a malfunctioning printer. Seven documents in the printing queue were accidentally sent to the public access printer. The breach was discovered on March 19, 2021, when a student discovered the documents on a public access printer and turned them in to the Registrar’s Office.
P2021-ND-325

International Union of Bricklayers and Allied Craftworkers

On June 29, 2020, the Organization discovered suspicious activity relating to a number of employee email accounts. An investigation determined that the accounts were subject to unauthorized access between June 4, 2020 and July 10, 2020, but could not rule out access to any emails or attachments within the accounts. The Organization reviewed the email accounts to determine whether they contained any sensitive information and to whom the information relates. The Organization reported, “To date, …
P2021-ND-324

iHerb Inc.

The Organization experienced a breach that resulted in compromised user accounts. The Organization’s notice to affected individuals said that “…beginning in mid-October 2020, an unauthorized party used the login credentials (i.e., email and password) of certain of our customers to access their … accounts. Based on our investigation, the compromised credentials appear to have been taken from third parties independent of [the Organization] and were not obtained as a result of a compromise of our …
P2021-ND-323

Aerium Analytics Inc. & Aerium SPV Inc.

Between April 13 – 21, 2021, one of the Organization’s email accounts was regularly accessed by an unauthorized party, using the correct password. The Organization reported it does not know how the credentials were obtained. The account was used to send an unauthorized email on April 13, 2021 requesting payment of an invoice; the breach was discovered when the email recipient contacted the Organization to verify the request. The Organization reported that the “unauthorized user …
P2021-ND-322

AmeriCommerce by Cart.com

On March 29, 2021, the Organization identified a security incident involving unauthorized use of the file upload feature of its application to add code to the checkout page of some of its merchant customers. The code was added to the sites involved at different times starting on March 25, 2021. The Organization removed the code from all sites on March 29, 2021. Transactions using a stored payment card and transactions entered directly by the merchant …
P2021-ND-321

Elliott Company

On March 29, 2021, a threat intelligence vendor notified the Organization about a potential data compromise resulting from a malware attack on the Organization’s computer systems in Sparks, Nevada. The Organization investigated to determine the nature and extent of the incident and what data had been compromised. The Organization believes (but has not been able to confirm) that the security of some archived human resources was compromised. The Organization reported the breach occurred on February …
P2021-ND-320

Entreprise Robert Thibert Inc.

On January 25, 2021, the Organization discovered that an unauthorized party gained access to a directory that contained employee personal information. The Organization reported, “This directory does not contain any structured files of personal information, which significantly reduces the risk of malicious use.” The Organization discovered the incident on January 25, 2021 when it noticed that some of its computer systems were encrypted and no longer accessible.
P2021-ND-319

Operation Eyesight Universal

On October 15, 2020, the Organization’s former third-party service provider, Blackbaud, advised that it had been subject to a ransomware attack in May 2020. As part of that incident, data was exfiltrated from Blackbaud’s systems. The Organization had previously engaged with Blackbaud as a service provider to process donations and store and manage donor, volunteer and supporter information, but had changed suppliers prior to this incident. Unfortunately, Blackbaud did not delete the Organization’s information and …
P2021-ND-318

Rightway Immigration and Education Services

On January 17, 2020, the Organization discovered suspicious activities in its email accounts. The Organization determined that threat actors accessed two mailboxes frequently, between September 17, 2019 and January 17, 2020. A third mailbox was accessed twice, on September 21 and 23, 2019. The Organization’s investigation also found that four links had been created for document transfers from the account. The Organization reported, “evidence was not available to identify which emails were accessed” or “which …
P2021-ND-317

Gay Lea Foods Co-Operative Limited

On December 27, 2020, the Organization’s core IT infrastructure (“systems”) were encrypted with ransomware. The Organization received a ransom note that indicated the data, including personal information, had been accessed and extracted by the threat actor and that, absent payment, sensitive data would be released. The Organization investigated and determined the cause of the incident was a phishing attack. An employee opened a phishing email, which contained a malicious document. The Organization reported, “there is …
P2021-ND-316

Stampin’ Up!

On April 14, 2021, the Organization discovered that its ecommerce website, www.paperpumpkin.com, was modified with malicious code, which captured payment card data as it was entered on the website in connection with a purchase. The Organization investigated and determined that the payment card information that may have been accessed was related to transactions made between June 12, 2020 and November 17, 2020. A limited number of customers reported fraudulent charges on their credit cards.
P2021-ND-315

Koelnmesse

On February 23, 2021, the Organization became aware of a possible data security incident involving its computer network. The Organization determined that an unauthorized individual accessed an employee’s email account from January 26, 2021 to February 23, 2021. The Organization retained a third-party vendor to review the impacted information. The review was completed on May 7, 2021 and determined that the personal information of one (1) Alberta resident might be impacted. The Organization reported that …
P2021-ND-314

Convoy of Hope

In May 2020, the Organization’s cloud-based software and data hosting solutions provider, Blackbaud, discovered that it was the target of a ransomware attack. Threat actors managed to remove a subset of data from Blackbaud’s self-hosted environment, which included data being processed by Blackbaud for the Organization. On or around July 16, 2020, the Organization received a notification from Blackbaud informing it of the incident affecting the data of some of the Organization’s members. On October …
P2021-ND-313

Alberta Beef Producers

The Organization was the subject of a cyber security breach, which began on June 27, 2021 and ended on June 28, 2021. The attacker targeted the Organization’s online payment system and gained unauthorized access using stolen credentials of an employee of the Organization. The attacker was unsuccessful in attempts to make fraudulent payments; however, personal information for some of the Organization’s vendors could have been exposed. The Organization reported, “the attackers plan was to alter …
P2021-ND-312

Letko, Brosseau & Associates Inc.

On May 2, 2021, the Organization discovered it was the target of a ransomware attack by an external individual, resulting in most of its production systems being encrypted. The Organization reported that all measures to block the unauthorized access, contain the incident and prevent a recurrence were implemented immediately. The Organization’s investigation revealed the REvil ransomware group perpetrated the attack and work files were exfiltrated.
P2021-ND-311

ABC Head Start Society

Between May 26, 2021 and May 29, 2021, an intruder gained access to an employee’s Microsoft Office 365 account. The Organization later learned the employee had opened email attachments sent by a ransomware email. On May 29, 2021, a request was received from the employee’s compromised account for access to the Organization’s Finance SharePoint site. A manager followed up with the employee, who confirmed they had not requested access. On the same day, Microsoft sent …
P2021-ND-310

Tara Cassidy Professional Corporation

On January 5, 2021, the Organization discovered unauthorized access to its computer systems in the form of a ransomware attack. An investigation determined that the threat actor opened/viewed seven (7) documents on the Organization’s systems, but these documents did not contain any personally identifiable information. The investigation also determined that the threat actor obtained domain administrator credentials and employed a number of “anti-forensic” measures such as deleting event logs. The Organization reported it is possible …
P2021-ND-309

USA Waste-Management Resources, LLC

The Organization stores certain information for its Canadian affiliates on its servers. On January 21, 2021, the Organization’s security controls reported suspicious activity on this network. The Organization investigated, and determined that an unauthorized actor entered the Organization’s environment between January 21 and 23, 2021, accessed certain files, and took a limited number of files. On May 4, 2021, the Organization determined that the potentially compromised files contained the personal information of certain individuals. However, …
P2021-ND-308

AVENIR GLOBAL Inc.

On December 29, 2020, the Organization was informed that it was the target of a ransomware attack, which affected its systems in a number of jurisdictions. Some information shared with the Organization or one of its subsidiaries was consequently compromised. The Organization’s investigation suggests the breach likely resulted from a phishing email. The Organization does not have any information to suggest that the accessed information has been misused. The Organization reported, “to the contrary, we …
P2021-ND-307

Centaur Products Inc.

On December 21 and 22, 2020, malicious actor(s) accessed an employee email account and used it to create a fictitious account and post a job for a receptionist on an employment recruitment site. The breach was discovered when an acquaintance of a staff member inquired about the job posting. On December 22, 2020, the Organization determined that it was not a valid job posting. On December 22, 2020, the malicious actor(s) also sent emails from …
P2021-ND-306

Avenue Living Asset Management Ltd.

On November 26, 2020, an employee with the Organization unknowingly clicked on a phishing link sent to her by email, which in turn allowed an unauthorized actor to gain access to the employee’s email account and subsequently send a phishing link to the employee’s contacts via email. The breach was discovered the same day after multiple emails were sent from the employee’s account, and various replies were received. The Organization reviewed all emails and determined …
P2021-ND-305

United Active Living Inc.

On October 28, 2020, an employee of the Organization was delivering monthly rental statements to resident suites during the night shift. The statements were to be left on the shelf at the suite door. However, statements were delivered to the wrong suites. The breach was discovered the same day when a resident reported receiving the wrong envelope. He did not open it.
P2021-ND-304

ARCH Psychological Services

On November 12, 2020, the Organization sent an invoice by email which contained a client’s name and address to another client in error (unintended recipient). The breach was discovered on November 16, 2020 when the unintended recipient informed the Organization that she received an invoice for someone other than herself. The Organization requested that the unintended recipient delete the information received in error.
P2021-ND-303

TaskRabbit, Inc.

On December 7, 2020, the Organization experienced a spike in unusual traffic in the login endpoints for the Organization’s client and tasker mobile applications. The Organization determined that its website and mobile application had been subject to a credential stuffing attack on certain user accounts between December 7 – 14, 2020. The Organization reported it believes the credentials were obtained from a third-party site or app where users used the same password.
P2021-ND-302

1219146 Alberta Ltd.

Between March 27, 2020 and March 28, 2020, the Organization’s office was broken into and the Organization’s safe was stolen and subsequently compromised. The safe contained unencrypted external hard drives used to back-up data from individually assigned computers.
P2021-ND-301

Backroads Canada Corporation

On October 2, 2020, the Organization’s parent company discovered certain portions of its network and workstations were impacted by a ransomware incident. On October 9, 2020, a forensic investigation discovered that human resources data was potentially exfiltrated. On or around October 16, 2020, it was confirmed that Canadian employee information was part of the exfiltrated data. The breach was discovered on October 16 through the use of early detection and response software, which detected abnormal …
P2021-ND-300

Premier Tech Limited

On January 25, 2021, the Organization discovered that it was the victim of a cybersecurity attack by an unauthorized third party. The malicious actor deployed ransomware to encrypt the Organization’s technology infrastructure and to exfiltrate data. On February 11, 2021, the Organization discovered that the unauthorized third party may have gained access to and may have exfiltrated the personal information of its team members and immediately undertook an additional investigation to determine the scope of …
P2021-ND-299

Sabre Instrument Services Ltd.

On December 16, 2020, as part of a ransomware attack, an unknown threat actor installed malware in the Organization’s system. The Organization determined that the malware harvested and copied usernames and passwords used by its employees to log into the Organization’s system. The malware would have automatically copied usernames and passwords that were in the system on December 16-17, 2020. The attack was discovered on December 17, 2020. The Organization’s investigation determined that while the …
P2021-ND-298

Alberta Teachers’ Association

On September 1, 2019, online applications for professional development scholarships and bursaries were inadvertently stored in a section of the Organization’s website that was accessible publicly. As a result, applicants’ contact information was returned as part of search-engine results when specific searches were conducted for the contact information data fields forming part of the application form. The breach was discovered on April 5, 2021, when a member of the Organization searched for her own email …
P2021-ND-297

SLR Consulting Ltd.

On February 28, 2021, the Organization was alerted to a ransomware attack on its systems, which encrypted its file servers, and ERP system in Europe and Asia Pacific. The threat actor left a ransom note claiming that data was extracted from the Organization’s systems, and also threatened to publish data. The Organization received evidence that data from servers located in the UK and Australia was extracted. Systems in Canada remain unaffected and secure. The incident …
P2021-ND-296

HSBC Investment Funds Inc.

The Organization’s customer agreements require customers to keep their contact details up to date, including their mailing address. From time to time, mail sent by the Organization to customers at their address on file is returned to sender. On the basis that such customers have not updated their mailing address, the Organization will place a return mail flag on their accounts directing that mail not be sent to their address until such time as their …
P2021-ND-295

FPI Management

On August 14, 2020, the Organization learned that it experienced a data security incident that disrupted access to certain of its systems. An unauthorized third party gained access to certain of the Organization’s systems and personal information stored on these systems was accessed or acquired without authorization. On March 3, 2021, the Organization determined that personal information belonging to one Alberta resident may have been accessed or acquired without authorization.
P2021-ND-294

Nissan Canada Inc.

The Organization is an affiliate of Nissan North America, Inc. (“Nissan NA”); the latter provides administrative services, including information technology services, to the Organization, and also provides a suite of connected vehicle services known as Nissan ConnectServices (and for the INFINITI brand, known as INFINITI InTouch Services) that allows vehicle owners to access vehicle information, stay connected to their vehicle, and get assistance when they need it. On January 2, 2021, the Organization became aware …
P2021-ND-293

Stella-Jones Inc.

On April 13, 2021, an employee with the Organization received a phishing email and did not realize it was not from a trusted source. The employee provided their username and password as well as multi-factor authentication code. The hacker then logged into the employee’s email and address book for several hours.” The Organization reported, “There is no log showing the hacker copied this information, however he had access to it.” The hacker sent emails posing …
P2021-ND-292

First Canadian Title Company Limited

The Organization reported an incident “involving potential unauthorized access to personal information in [its] control”. On January 20, 2021, the affected individuals couriered documents to a representative of the Organization. The representative did not receive them. The package could not be located.
P2021-ND-291

Ross Taylor Financial Corporation

On January 18, 2021, the Organization became aware of a ransomware attack on its computer system by cyber criminals. The computer system was breached by criminals gaining access to the Organization’s internal network. On January 25, 2021, the Organization became aware that personal information had been taken and that the data stolen may be available online on the dark web.
P2021-ND-290

Omaze, Inc.

On October 8, 2020, the Organization was notified by the Federal Bureau of Investigation that it had potentially been subject to a cyber-attack, and a database of what was purported to be the Organization’s user data was available on a sharing and marketplace forum. The Organization reported that it appears the records were posted to the forum on July 19, 2020. The Organization identified that the posted database contained two datasets of purported user information, …
P2021-ND-289

Silverberg & Associates Inc.

On October 4, 2017, an employee of the Organization noticed that a suspicious email seemed to have originated from his email account. The employee opened his email account from his desktop and noticed that someone else seemed to have control of his computer. The perpetrator deleted some of the employee’s contacts, and sent and deleted folders, and also sent a phishing email to the employee’s contacts. The email account was secured on October 4, 2017. …
P2021-ND-288

News America

Between September 27 and October 4, 2018, an unauthorized third party attempted to gain access to Checkout 51 accounts via the Checkout 51 login application program interface (API). The incident arose out of an apparent reuse of usernames and passwords. The third party may have attempted to gain access to the Checkout 51 accounts of users who use the same username and password on multiple websites. When a new device or web browser successfully accesses …
P2021-ND-287

Mobile Service Center Canada Limited operating under the registered trade name “Mobile Klinik”

The Complainant took his cell phone into the Organization on September 7, 2019, for repair. The Complainant returned to the Organization the same day to pick up the phone. When the Complainant turned the phone on, photos and other information about another individual (the affected individual) were being downloaded onto the Complainant’s phone. The Complainant surmised that the micro SD card from the affected individual’s phone had been placed in the Complainant’s phone by the …
P2021-ND-286

The Portage la Prairie Mutual Insurance Company

On December 6 and 7, 2018, the Organization learned two of its employee email accounts were accessed by an unauthorized individual and used to send a number of phishing messages. The cause of the incident was determined to be phishing emails that had been sent to the two employees.
P2021-ND-285

Sunshine Village Corp.

Two individuals were involved in an on-mountain snowboarding collision in December 2018. In April 2019, one party involved in the collision contacted the Organization to request contact information of the other party. The Organization provided the information, mistakenly believing it had consent to disclose the information. The breach was discovered when the subject of the information contacted the Organization to inquire how the other party had obtained access to his contact information.
P2021-ND-284

Homewood Health Inc.

The Organization was the subject of a cyber-attack which resulted in the exfiltration and publication of client personal information on the data marketplace “Marketo.” The Organization’s investigation determined that the attack on the network began on or about March 9, 2021, when an unknown device accessed the server(s) and exfiltrated records. It is believed the threat actor obtained credentials via phishing, then used offensive tools (Cobalt Strike) to propagate the attack. The attacker also attempted …
P2021-ND-283

RBC Life Insurance

The Organization uses third party service providers to “assist … in the adjudication of … insurance claims.” On March 17, 2021, the Organization received a suspicious email from one of its third party suppliers. The suspicious email was reported to the third party on March 19, 2021. The third party investigated and determined that an employee email account was compromised on or about March 14, 2021. The affected email account contained personal information of the …
P2021-ND-282

8159181 Canada Inc. d/b/a Canadian Bitcoins

Between October 9 and 11, 2021, a database under the control of the Organization was accessed without authorization. The Organization reported that it “…initially became aware of unusual activity on its website on October 11, 2021, when its system automatically generated an error email.” At that time, the Organization disabled its website, investigated, and quarantined suspicious files. On October 21, 2021, the Organization “received an email from an anonymous perpetrator alleging that he/she had downloaded …
P2021-ND-281

Travel Healthcare Insurance Solutions Inc. o/a guard.me International Insurance

On or about June 19, 2021, the Organization was subject to an SQL injection attack. The attacker compromised two SQL databases; records were deleted and a ransom note was inserted.
P2021-ND-280

Servus Credit Union Ltd.

On January 20, 2021, the Organization’s Internal Audit department identified numerous instances where four employees of the Organization had accessed account information of other employees and members without an authorized purpose. The accesses were discovered during a review into system access conducted in January. The Organization reported the unauthorized accesses occurred between November 2020 and February 2021.
P2021-ND-279

Airbnb Ireland UC

On September 24, 2020, the Organization discovered a technical issue that caused the incorrect messaging inbox to be displayed to certain users for a short period of time (i.e. three hours). During this time, users might have inadvertently accessed the messages of other users when attempting to use their own inbox. The Organization investigated and found that a defect in its content delivery network (CDN) caused certain users’ API requests to be cached incorrectly. The …
P2021-ND-278

College of Licensed Practical Nurses of Alberta

The Organization uses a Learning Management System (LMS), hosted by a third party service provider, Steppingstones Partnership, Inc. (Steppingstones). Steppingstones leases web servers and services from another third party, Web Hosting Canada. On October 14, 2020, Steppingstones received a notification from Web Hosting Canada concerning a security issue impacting one of their services. Several law enforcement agencies also discovered the incident on October 14, 2020, via a tweet that identified the compromised web address, and …
P2021-ND-277

The Manufacturers Life Insurance Company

On April 5, 2021, the Organization was notified of potentially unauthorized transaction activity on its web-based application involving customers of a contracted advisor. The perpetrator of the unauthorized access leveraged the advisor’s authentication credentials (username and password) to process fraudulent transactions. The Organization reported that the focus of the attack appears to have been financial fraud.
P2021-ND-276

Canfin Magellan Investments Inc.

On July 7, 2020, the Organization was informed by police that a stolen U-Haul van had been located and original documents belonging to the Organization were found in the van. The Organization believes the documents were stolen from a rented storage unit between August 2018 and June 2020. The Organization investigated the accounts of all affected active clients and did not identify any suspicious transactions or other account changes.
P2021-ND-275

Keyera Corp.

On October 27, 2020, the Organization’s human resources team uploaded certain personal employee information via a secure portal to a new group benefits and insurance provider for migration into the service provider’s systems. On November 4, 2020, an employee of the service provider inadvertently emailed a document containing the information at issue to an incorrect email address. The service provider confirmed the email was received by an active account in the “Hotmail” domain. The service …
P2021-ND-274

Alberta College of Social Workers

On March 3, 2021, the Organization mailed form letters, identifying steps required to avoid having a registration cancelled, to the wrong recipients. On March 9, 2021, one of the recipients telephoned the Organization to report the error. The Organization reported, “One letter was returned to the Organization’s office and the second letter was confirmed destroyed by the member.”
P2021-ND-273

College of Physicians & Surgeons of Alberta

On April 23, 2020, a team member with the Organization contacted the Registrar of another professional college requesting a telephone conversation regarding an employee of the Organization. The team member disclosed the FTE status of the employee, without their knowledge or consent. The other professional college did not provide information regarding the employee, but suggested communicating with the employee directly. On April 24, 2020, the employee contacted the team member to request that, in future, …
P2021-ND-272

US Fertility LLC and Shady Grove Fertility

On September 14, 2020, the Organizations discovered that a third party had gained unauthorized access to some computer systems. Data on some of the servers and workstations were encrypted by ransomware. A forensic investigation confirmed that the unauthorized actor acquired a limited number of files during the period of unauthorized access, which occurred between August 12, 2020 and September 14, 2020. The Organizations reported there is no evidence of actual misuse of personal information as …
P2021-ND-271

The Commonwell Mutual Insurance Group

On March 3, 2021, the Organization became aware that an unauthorized third party had gained access to its IT system on February 24, 2021. The Organization reported that the unauthorized third party was able to gain access to elevated privileges and launch Cobalt Strike. Some registries were modified and suspicious files were created on the system. On March 26, 2021, the Organization learned that certain personal information may have been exfiltrated. All internal systems were …
P2021-ND-270

YMCA of Northern Alberta

On February 4, 2021, the Organization was the target of a break and enter. A cabinet that contained personal information was stolen.
P2021-ND-269

AltaSteel Inc.

On February 2, 2021, the Organization mailed out pay statements. Due to a folding and stuffing error, every second employee received two pay statements – theirs and that of another employee. The breach was discovered on February 4, 2021, when an employee informed the Organization they had received another employee’s pay statement along with their own.
P2021-ND-268

Modern Solutions Counselling Services Ltd.

On January 11, 2021, an unknown individual(s) broke into the Organization’s office. The perpetrators stole a laptop that contained medical reports regarding 19 identifiable individuals. The laptop was password protected but not encrypted. There is no indication that the perpetrators have been able to access the information on the laptop. The perpetrators also stole an unknown number of cheque receipts related to services the Organization provided to individuals insured by Canada Life. It is believed …
P2021-ND-267

TAM International Inc.

On or about Saturday, October 24, 2020, cyber criminals encrypted some of the Organization’s servers and network-connected computers and demanded a ransom to decrypt them. They also claimed that they had stolen files from the Organization’s servers, targeting some of the executive team. The Organization’s investigation discovered that the attack originated from a company laptop for an employee based outside of the United States. The laptop was compromised via a phishing email in March 2020, …
P2021-ND-266

Woodstream Canada

On August 24, 2020, the Organization discovered that a third party gained unauthorized access to the e-commerce platform of DynaTrap, a subsidiary of the Organization. A vulnerability on the e-commerce platform allowed for unauthorized installation of code on compromised systems. Data sent to and from the e-commerce platform between August 24, 2020, until September 9, 2020 may have been intercepted. On September 9, 2020, the access was terminated. The Organization investigated and identified the potentially …
P2021-ND-265

Ivari

On April 12, 2021, an insurance advisor saw a blinking message on her computer screen. The message appeared to be from “Microsoft” and provided a number to call. The advisor called the number and followed instructions to download an “Ultraview”, which allowed an unauthorized party to gain control of her computer. The unauthorized party indicated the advisor’s email and online banking were hacked, and asked for the toll free number on the back of her …
P2021-ND-264

Baker Funeral Chapel Inc.

On April 21, 2021, the Organization was subject to a ransom attack, which encrypted its network system. The cyber-criminal asked for a bitcoin payment in order to obtain a key to unlock the system. The affected files included templates for funeral bulletins and obituaries that have been published in newspapers. The Organization believes the breach occurred due to an invoice attachment that came in an email. On April 22, 2021, the Organization reported that all …
P2021-ND-263

Insurance Bureau of Canada

On January 28, 2021, an unknown third party temporarily gained unauthorized access to the email account of an employee of the Organization through a targeted email phishing campaign. On February 3, 2021, the unauthorized individual subsequently used the account to send phishing messages to certain contacts in the employee’s mailbox. On February 4, 2021, the Organization alerted recipients of the February 3, 2021 message that it could pose a security risk and should not be …
P2021-ND-262

Take-Two Interactive Software, Inc.

On April 6, 2021, the Organization discovered that its web-store was the subject of a credential stuffing attack which took place between March 19 and 30, 2021. The unauthorized third party logged into accounts using valid credentials obtained from an unknown source. Once logged in, the unauthorized third party redeemed game codes and had access to personal information in the accounts.
P2021-ND-261

BSH Home Appliances

In early December 2020, the Organization investigated several customer complaints regarding unauthorized credit card transactions. The Organization discovered that a temporary employee in the United States had been improperly requesting credit card information from callers and using that information to make unauthorized purchases. The Organization promptly terminated the employee as such collection and use was not authorized and contrary to the Organization’s policies.
P2021-ND-260

Saskatchewan Blue Cross

On April 20, 2021, the Organization discovered it was the victim of a ransomware incident that resulted in the encryption of, and unauthorized access to, certain of its systems. The Organization determined that the incident was perpetrated by a third party threat actor that exfiltrated certain categories of data. The Organization’s investigation also determined that the root cause of the incident and compromise of its systems was likely through a phishing email, although the root …
P2021-ND-259

Le Creuset Canada Inc.

On June 7, 2021, the Organization discovered it was the subject of a cyberattack when a malware alert was triggered. An investigation determined that on or about June 4, 2021, a threat actor gained access to the Organization’s network via legacy network appliances/services and compromised credentials. It is not known how the credentials were obtained. The threat actor gained access to user accounts with elevated privileges through brute-force attack. The incident was contained on or …
P2021-ND-258

Blue Cross Life Insurance Company of Canada

On April 20, 2021, SBC discovered it was the victim of a ransomware incident that resulted in the encryption and unauthorized access to certain of its systems. On April 23, 2021, SBC advised the Organization that personal information relating to its disability claims might have been affected. On May 4, 2021, SBC advised the Organization that information relating to life and disability claims was accessed and provided an initial indication of the number of affected …
P2021-ND-257

Bunge Canada

The Organization reported that “a shipment of documents containing personal information was aboard a courier delivery vehicle that was stolen”. The incident occurred on March 11, 2021. The courier company reported the incident to the Organization and advised that it is working with law enforcement to retrieve the package.
P2021-ND-256

Canalta Real Estate Services o/a Ramada Cochrane

On February 28, 2021, a storage shed belonging to the Organization was broken into. The break-in was discovered on March 1, 2021, and reported to the RCMP. At the time, only recyclables were noticed to have been stolen. On March 15, 2021, the local police service contacted the Organization and advised they discovered 17 hotel documents containing personal information at a motel in the Calgary area.
P2021-ND-255

The Ferrance Group

On March 12, 2021, an employee with the Organization inadvertently sent an email containing a notice for online sessions to multiple email addresses using the “To” field instead of the “Bcc” field. The breach was discovered on March 13, 2021, when one of the recipients reported the error to the Organization.
P2021-ND-254

Victoria’s Secret Stores Brand Management

Between April 13, 2021 and April 14, 2021, the Organization learned that an unauthorized party gained access to personal information in certain of its online accounts. The Organization determined that the unauthorized access to the online accounts was caused by a credential-stuffing bot attack during the course of an application update. The Organization reported that the incident did not arise based on a breach of its security safeguards, but rather, the apparent reuse of legitimate, …
P2021-ND-253

Alberta College of Speech-Language Pathologists & Audiologists

On March 12, 2021, several employees of the Organization were the target of an email phishing attack. Two employees provided passwords that would give access to their email accounts. The Organization reported the breach was discovered when employees found that providing their password did not allow them to login to their email account. On March 13, 2021, the Organization identified one unknown actor gained access to the email account to one of the two employees’ …
P2021-ND-252

Goodfellow Inc.

The Organization reported that its core systems were encrypted with ransomware on September 24, 2020. A ransom demand indicated that sensitive information would be disclosed if a payment was not made. There is evidence that some personal information was exfiltrated but the full scope of the exfiltration has not yet been determined. As of the date of the Organization’s report of the breach, there is no information indicating that any personal information that may have …
P2021-ND-251

E & J Gallo Winery

On November 17, 2020, the Organization experienced a cyber incident designed to encrypt files and disrupt its business operations. An investigation determined that an unauthorized party gained access to the Organization’s systems between November 7, 2020 and November 17, 2020, during which time certain information on some servers may have been accessed or acquired. The Organization reported the breach was discovered on January 15, 2021, when unusual activity occurred on the network.
P2021-ND-250

Airbnb Ireland UC

On April 2, 2021, the Organization discovered a technical vulnerability involving user accounts that had been subject to an “account takeover” (ATO). The Organization reported that the vulnerability did not cause the ATOs; however, it permitted a malicious actor engaged in an ATO to remain logged in to user accounts after the Organization had taken steps to terminate access and force a password reset. The Organization reported it previously informed its users that their accounts …
P2021-ND-249

Vision Credit Union Ltd.

On December 10, 2020 and March 25, 2021, the Organization forwarded personal information by email to an incorrect email address. The unintended recipient mentioned in a Facebook posting that they had received someone else’s information. The Organization reported the breach was discovered on April 23, 2021.
P2021-ND-248

American Frame Corporation

On August 1, 2020, the Organization was the subject of a cyberattack involving the encryption of data and a ransom demand in exchange for decryption (ransomware). The Organization reported that personal information was exposed and may have been accessed during the attack.
P2021-ND-247

Hayward Pool Products Canada, Inc.

A document containing personal information about customers was intended to be placed in a password-protected secure folder that could only be viewed within the Organization by those with access to it via password. Inadvertently, the document was placed in a different folder that was not password-protected and whose contents could be viewed online outside of the Organization. The breach was discovered on February 10, 2021, when a member of the public notified the Organization that …
P2021-ND-246

Canadian Western Financial Ltd. (Mutual Fund Dealer, subsidiary of Canadian Western Bank)

A client with the Organization requested that email correspondence be sent to him at two separate email addresses: one a work email and the other a personal email. An employee with the Organization entered the personal email address of the client incorrectly when sending an email on January 28, 2021. The breach was discovered on February 1, 2021 when the client successfully received the email at his work email address and noticed that the personal …
P2021-ND-245

World Financial Group Insurance Agency of Canada

On January 28, 2021, an agent’s assistant sent emails containing a partially completed trade ticket to a client for his review and signature. The client notified the agent that no email was received. On January 29, 2021, the agent’s assistant resent the emails. Again, the client confirmed that no email was received. The agent checked his assistant’s outbox and noticed that the email address for the client was incorrect.
P2021-ND-244

Florinda Financial Planning Inc.

On April 5, 2021, the Organization learned that its customers were impacted by unusual activity that was transacted through a third party web-based portal. The Organization reported that the breach appears to be the result of unauthorized access using an advisor’s authentication credentials (username and password). The Organization reported that this unauthorized access by the perpetrator appears to have been used to process fraudulent transactions on customer accounts. The breach occurred between March 23, 2021 …
P2021-ND-243

SkipTheDishes Restaurant Services Inc.

On April 5, 2021, the Organization learned of suspicious activity on its network. The Organization investigated and found a small number of instances where fraudsters were bypassing two-factor authentication (2FA) by chatting with agents, posing as customers and requesting that account telephone numbers be changed. In most cases, the fraudster was able to supply the original telephone number on the account, as well as the customer’s email address and, in some cases, a delivery address. …
P2021-ND-242

Westech Industrial Ltd.

On February 10, 2021, the Organization detected suspicious network activity on its servers. The following day, February 11, 2021, the Organization received a ransom demand via email. The Organization reports that although deployment of ransomware was threatened, no malicious files were found nor were files encrypted. No root cause of the breach was identified.
P2021-ND-241

The Debriefing Academy Inc.

The Organization uses a third party (Webeteer Inc.) for website development and support. At the time of the breach, Webeteer Inc. subcontracted hosting to another third party, GreenGeeks. On December 6, 2020, the Organization found that its WordPress website was not functioning properly. The Organization notified its website development provider who subsequently responded to the incident. The Organization determined that a malicious actor gained access to the server environment, which includes a database of registered …
P2021-ND-240

TGM Law

On October 7, 2020, the Organization’s office was broken into. The perpetrators stole a laptop, petty cash, and other physical items. The laptop was linked to a cloud server. The Organization reported that “We have no indication the informaiton (sic) on this laptop has been accessed.”
P2021-ND-239

Forty Creek Distillery Ltd. o/a/ Campari Canada

On November 1, 2020, the Organization detected that it was the target of a malware attack. The unauthorized actor gained access to certain of the Organization’s servers, which included some employee and contractor information contained in the Organization’s global email and telephone directory. The Organization reported it believes the unauthorized actors accessed the network between October 28 and October 29, and perhaps even as early as October 21, 2020.
P2021-ND-238

Dillon Consulting Ltd.

The Organization was a victim of a ransomware attack that encrypted its entire operational IT infrastructure. On the morning of July 10, 2020, the attackers gained access to four (4) workstations and between July 10 and July 19, 2020, the threat actor was able to compromise multiple servers, encrypting all information, and effectively holding the Organization’s operational data hostage. The ransom note indicated that data was exfiltrated, though it did not describe the data. The …
P2021-ND-237

Trans Union of Canada Inc.

The Organization operates an online consumer solutions portal called “OCS”, which enables consumers to access their consumer disclosure. Each time a consumer wishes to access credit information through OCS, the consumer must provide sufficient personal information to match to their credit file and then authenticate their identity by successfully answering a series of questions generated from information on their credit file, as well as other sources. On October 22, 2020, the Organization noticed an unusually …
P2021-ND-236

IMI Precision Engineering d/b/a Bimba Manufacturing

On November 20, 2020, the Organization’s vendor was informed that the vendor’s service provider had a vulnerability on the server(s) that hosted one of the Organization’s websites, Bimba.com. As a result, an unauthorized user may have been able to access or acquire the personal information of the Organization’s customers. The unauthorized user inserted malicious code into web files causing unencrypted copies of e-commerce transaction data to be diverted to the unauthorized user. The information may …
P2021-ND-235

Calgary Meals on Wheels

On January 4, 2021, a driver with the Organization inadvertently left a clipboard with client addresses attached on top of his vehicle while out on delivery. The clipboard slid off the car roof. The driver realized the clipboard was missing and drove back. The driver was able to retrieve the clipboard but none of the sheets with addresses were attached on it. The Organization said, “Given the wet and slushy road conditions, the information most …
P2021-ND-234

A.K. Ross Professional Corporation

On June 3, 2019, the Organization’s internet service provider upgraded its modem to a newer model; however, the new modem was not set up with the same privacy settings as the old modem. On February 19, 2020, the Organization was notified by one of its clients that a tax document from 2015 stored on the back-up drive at the Organization’s office had been accessed by his bank’s security department. Upon review of the drive, it …
P2021-ND-233

Women Building Futures Society

On January 6, 2021, an employee with the Organization sent an email containing a student’s financial information to another student in error. This was the result of typing in an incorrect email address. The breach was discovered the same day when another recipient of the email, an employee of the Organization, contacted the sender to advise of the error.
P2021-ND-232

2364920 Alberta LTD. o/a PORTpass Inc.

The Organization initially reported that, on September 27, 2021, it was notified by a journalist about a “vulnerability on our end-point of a url that was hidden on the web portal version …”. The breach occurred when the Organization’s “external team” was “adding various end-to-end encryption on the web portal version on AWS for users that don’t have mobile phones for the app”. The Organization reported that it turned off its server “within 5 minutes …
P2021-ND-231

New Arlington Realty Inc.

On or about November 11, 2020, a workstation and user account were compromised by an unauthorized third party, enabling a threat actor to access the Organization’s network. On November 14, 2020, after ransomware had been deployed on the network, the Organization’s Information Technology (IT) provider discovered the breach. A ransom note was also found. Further investigation found that the compromised workstation and user account had authorizations and administrative access beyond what was necessary.
P2021-ND-230

La Leche League International

In May 2020, the Organization’s cloud-based software and data hosting solutions provider (Blackbaud) was targeted by a ransomware attack during which threat actors managed to remove a subset of data from Blackbaud’s self-hosted environment, which included data being processed by Blackbaud for the Organization. On or around July 16, 2020, the Organization received a notification from Blackbaud informing it of the incident. The cybercriminal encrypted Blackbaud’s data and demanded a ransom payment.
P2021-ND-229

Christian Labour Association of Canada

On October 15, 2020, the Organization was subject to a ransomware attack. The Organization reports that servers were encrypted and records were likely exfiltrated. The Organization was unable to determine how the attacker gained access to their environment.
P2021-ND-228

SE Canada Inc.

On November 11, 2020, the Organization discovered that it was the victim of a ransomware attack by an unauthorized third party. Based on its investigation, the Organization determined that the unauthorized user possibly had access to its systems as early as October 9, 2020. The Organization reported that there is no indication that the data has been used or misused.
P2021-ND-227

American Health Information Management Association

The Organization maintains an online store (https://my.ahima.org/store/), through which customers can make purchases and register for courses. The Organization learned of potential suspicious activity occurring in the online store, took immediate steps to secure its system and conducted an internal investigation. On December 3, 2020, the Organization’s investigation determined that the incident involved the payment card information of customers who made purchases through the online store between June 26, 2020 and June 29, 2020 as …
P2021-ND-226

College of Licensed Practical Nurses of Alberta

The Organization received a complaint alleging unprofessional conduct by a member. On November 6, 2020, an employee inadvertently emailed the letter to an unintended recipient, instead of the Complaints Director. The unintended recipient is another member. The unintended recipient notified the Organization of the error. The Organization telephoned the unintended recipient on November 13, 2020 to discuss deleting the complaint and assisted in deleting the email. The unintended recipient confirmed through email on November 13, …
P2021-ND-225

Employee Benefit Funds Administration Ltd.

On October 23, 2020, the Organization sent a member’s pension statement to another plan member in error. The unintended recipient notified the Organization of the error the same day.
P2021-ND-224

Bear Creek Funeral Home

On October 27, 2020, the Organization placed an envelope of documents and a small parcel of ashes in a Canada Post mailbox in Grande Prairie AB. In November 2020, the Organization contacted Canada Post to see if the package had been scanned in yet. Canada Post informed the Organization that the package had not been received at distribution and to check back. On March 10, 2021, the Organization opened a ticket with Canada Post to …
P2021-ND-223

Walton Global Holdings, Ltd.

On May 4, 2020, a threat actor used a compromised Organizational email account to fraudulently request a large wire transfer. The employee(s) who received the wire transfer request sought verbal confirmation from the requestor. Upon doing so, it was discovered that the request was fraudulent. The Organization’s investigation determined that the threat actor had access to two email accounts between April 7 and May 20, 2020. The email accounts contained personal information which would have …
P2021-ND-222

Anvil Corporation

On March 11, 2021, the Organization suffered a ransomware attack. It was later determined that the attacker had access to the Organization’s network as early as February 9, 2021. The root cause of the initial breach was not reported. On April 12, 2021, the Organization’s investigation determined that attackers were able to view and download records containing the personal information of current and former employees.
P2021-ND-221

Wealthsimple Inc.

On March 5, 2021, the Organization detected unauthorized access to user accounts. It reported the unauthorized access was the result of a credential-stuffing attack. An investigation determined that the credentials were not obtained from the Organization’s network. Instead, it is believed that the unauthorized actor obtained user account credentials from a third party. Subsequently, individuals who re-used the same username and password combination for other services, as obtained by the attacker from the third party, …
P2021-ND-220

Syncrude Canada Ltd.

The Organization’s information and technology support services are supplied by an external IT service provider. These services include the management of a server used by the Organization’s payroll to store payroll files. On August 11, 2021, an analyst with the Organization was performing testing and noticed improper server access settings, enabling access by all users with a LAN account logged into the network. The improper server access settings were in place as early as June …
P2021-ND-219

START Architecture Inc.

On January 25, 2021, the Organization discovered suspicious activity from one of its email accounts. The Organization determined that an employee with the Organization was a victim of a phishing attack that compromised their email mailbox login credentials. Between January 14, 2021 and January 25, 2021, the perpetrator used the credentials to send further phishing emails from the impacted person’s account.
P2021-ND-218

UiPath SRL

On approximately November 30, 2020, a third party notified the Organization that a file containing what appeared to be registration information of certain UiPath Academy participants was accessible on a publicly-available website. The Organization investigated and determined that the content of the file identified by the third party matched the content of a file maintained by the Organization on a third-party cloud server. This file was last updated by the Organization on approximately March 17, …
P2021-ND-217

Calgary House of Cars 6 Inc.

On December 7, 2020, the Organization discovered that intruder(s) gained access to their office and seized a desktop computer, as well as hard copies of certain files. The computer is password-protected and is being monitored via the Organization’s system. The Organization reported that it would be necessary for any illicit user to hack the device’s password as well as several further levels of encrypted software in order to access information on the system; further, all …
P2021-ND-216

Guillevin International Co.

On September 8, 2020, the Organization was the subject of a ransomware attack. A user account, compromised by phishing, was used in the incident. It is reported that the attackers may have had access to the Organization’s network as early as August 13, 2020. The Organization’s investigation determined that personal information was exfiltrated; however, some of the records were protected with a password.
P2021-ND-215

Sonita Goehring Counselling Services Inc.

On February 22, 2021, a student accessed a client’s confidential file without authorization. The breach was discovered the same day.
P2021-ND-214

IPC Securities Corporation

On March 1, 2020, a client emailed the Organization to advise that his mail was being delivered to his old address and to provide the Organization with his updated address. An employee matched the client name to another client in the Organization’s database who had an identical first and last name and similar address. The employee did not validate additional information to ensure the correct client information was updated. Between March 1, 2020 and July …
P2021-ND-213

Wilson M. Beck Insurance (Alberta) Inc.

On February 2, 2021, a phishing email was sent to an employee of the Organization. The breach was discovered on February 2, 2021 when an employee emailed the Organization’s IT department after a client reached out regarding a suspicious email received from the employee.
P2021-ND-212

Richardson Wealth Limited

On January 28, 2021, an employee with the Organization clicked on a link in a phishing email, which gave unauthorized actors her credentials and access to the employee’s email box. The Organization conducted a review and determined that there were 16 emails that contained sensitive personal information that could potentially create a risk of harm for five individuals in Alberta. The Organization reported that it is unknown whether the unauthorized actors actually read the emails and …
P2021-ND-211

Fat Face Ltd.

On January 17, 2021, the Organization identified suspicious activity within its IT systems. An investigation determined that unidentified threat actors gained access to certain systems during a limited period of time from December 25, 2020. On January 18, 2021, the Organization contained the incident and began reviewing and categorizing the data potentially involved in the incident. On March 9, 2021, the Organization determined that there are a number of customers in the database tables that …
P2021-ND-210

Assured Psychology

The Organization sent a series of emails to a new client, related to scheduling an appointment. On December 31, 2021, the Organization discovered that the emails were sent to the wrong email address. The Organization reported the incident occurred between December 22, 2020 and December 31, 2020.
P2021-ND-209

Zumiez Canada Holdings Inc.

On January 18, 2021, the Organization discovered suspicious activity involving its Canadian e-commerce platform (www.zumiez.ca). The Organization identified and removed unauthorized script in the code the same day. The added code was capable of obtaining information entered by customers during the checkout process and sending it out of its system. The Organization’s investigation showed the code was first added on August 16, 2020 and there were several times between August 16, 2020 and January 16, …
P2021-ND-208

Golf Avenue Inc.

On January 7, 2021, the Organization discovered a key logger on its e-commerce platform upon completing a routine vulnerability scan. The Organization confirmed that, on December 27, 2020, an administrator account was used to upload a picture containing malicious PHP code to the Organization’s catalog of website photos. The malicious code acted as a key logger that captured the information entered by the Organization’s customers upon checkout. Customer personal information and payment details entered on …
P2021-ND-207

Southport Psychology Inc.

On May 27, 2020 and June 1, 2020, the Organization mistakenly sent a completed intake package to two unintended recipients, instead of a blank form. On June 1, 2020 and June 2, 2020, the unintended recipients notified the Organization of the error. The Organization asked the unintended recipients to delete all records received in error.
P2021-ND-206

Edward Jones (an Ontario Limited Partnership) (Edward Jones Canada)

On May 11, 2020, the Organization detected unusual attempts to access certain client information. The Organization took steps to block access and to investigate. The Organization determined that between March 30 and May 18, 2020, an unauthorized party leveraged client credentials to access client account information. The Organization reported it has no evidence that these usernames and passwords were obtained through its systems. The Organization reported that the attack merely confirmed that the credentials were …
P2021-ND-205

PFSL Investments (Canada) Ltd.

Sometime between June 7-8, 2020, a burglary took place at the office of one of the Organization’s independent sales representatives. An unknown individual(s) broke into locked filing cabinets and removed various client files. The Organization suspects that the files may have contained personal information.
P2021-ND-204

Wealthsimple Financial Corp.

On October 13, 2020, the Organization became aware of a credential stuffing incident involving suspicious attempts to access data from certain user accounts. The unauthorized third party was able to log into client accounts between October 9, 2020, and October 13, 2020, using a valid email address and password. The Organization’s investigation discovered that passwords were not obtained from its systems. The Organization believes that an unauthorized individual may have obtained client passwords from another …
P2021-ND-203

The Canada Life Insurance Company

The Organization provides group benefits plans and services. Plan members access benefits services, information, and submit claims via a website provided by the Organization. On June 23, 2020, a software upgrade for the plan member website resulted in caching issues; when plan members attempted to access their information on the website, they were instead shown information about a different plan member. The Organization took the service offline after a plan member called in to advise …
P2021-ND-202

Minerals Technologies Inc.

On or about October 20, 2020, the Organization was victim to a ransomware attack. The incident was discovered when employees found access to their devices was restricted. On October 22, 2020, the Organization’s breach investigation determined that personal information about its current and former employees may have been accessed by the threat actor.
P2021-ND-201

Datatax Business Services Limited

On December 18, 2020, the Organization was victim to a ransomware (MountLocker) attack that infected several PCs and servers. The incident was discovered the same day when staff found anomalous files on their computers. The Organization was unable to determine the cause or entry point of the attack.
P2021-ND-200

USNR, LLC

On or about September 28, 2020, an employee downloaded and executed a malicious software (Chrome) update. The malicious update contained malware that enabled attackers to remotely access the Organization’s network without authorization. On October 25, 2020, approximately a month after the initial breach, the attackers encrypted various systems. The intrusion was detected on the same day when encrypted files and a ransom note were found. It is reported that the attacker was able to access …
P2021-ND-199

Home Hardware Stores Limited

On February 18, 2021, the Organization’s Information Technology (IT) staff found maliciously encrypted files while troubleshooting IT infrastructure that was not operating properly. Investigation of the incident determined that suspicious network activity began on February 12, 2021, when an unauthorized party appeared to be logging in and testing credentials. The unauthorized party deployed “hacking tools” on February 16 and 17, 2021. Lastly, a ransomware attack was deployed on February 18, 2021. Attempts to attack the …
P2021-ND-198

Royal Camp Services Ltd. and its subsidiaries and affiliates Summit Camp Services Ltd. and Chief Isaac Summit Camp Services Ltd.

On August 26, 2020, the Organization was the victim of a cybersecurity attack by an unauthorized third party who deployed ransomware and encrypted parts of the Organization’s technology infrastructure. The Organization discovered that the unauthorized third party may have gained access to the personal information of current and former employees of subsidiaries and affiliates. The Organization reported there was no evidence of exfiltration of files. The Organization determined that the unauthorized user had access to …
P2021-ND-197

Combined Insurance Company of America

On Friday, October 30, 2020, an employee sent an email and mistakenly added the contact list of email recipients to the email itself. The list contained contact information of 415 individuals (independent contractors) and was emailed to all 415 individuals on the list. The contact list was not password protected. The employee who sent the email discovered the error and tried to recall it. On November 2, 2020, an email was sent to all recipients …
P2021-ND-196

DirectVapor, Inc.

On September 23, 2020, the Organization became aware of suspicious activity associated with its online checkout page. The Organization investigated and determined that an unauthorized user had gained access to its online payment platform and payment card information entered between September 14, 2020 through September 23, 2020.
P2021-ND-195

Angeion Group

On July 17, 2020, the Organization learned that between March 30, 2020 and May 4, 2020, an unknown unauthorized third party remotely accessed the corporate email box of an employee. The email box included personal information associated with claims administration files and related communications. The Organization reported that the cause of the unauthorized access has not been determined. The breach was discovered on July 17, 2020 in the course of investigating another matter involving the …
P2021-ND-194

Victoria’s Secret Stores Brand Management

The Organization experienced a credential-stuffing attack which took place over an approximately four-hour period on November 9, 2020. As a result, an unauthorized individual gained access to personal information in certain of the Organization’s online accounts. The attack was detected and later blocked by the Organization while it was still in progress. The Organization reported that, based on its investigation, the incident resulted from the apparent reuse of legitimate, recycled credentials (usernames and passwords) that …
P2021-ND-193

Mosaic Primary Care Network

On October 17, 2020, a shared administrative user account was used to gain unauthorized access to the Organization’s Office 365 SharePoint site (and linked files). An audit log review revealed that the threat actor accessed, viewed, and downloaded files, and uploaded a file (an image file – ransomware.jpg) from/to the Organization’s SharePoint site. User accounts were also removed from the site. The breach was discovered on October 17, 2020.
P2021-ND-192

SiteOne Landscape Supply, Inc.

Between July 2 and July 14, 2020, the Organization’s network was subject to unauthorized access, including the exfiltration of files, by a threat actor. A threat actor gained access to the Organization’s network using the account credentials of an employee. It is unclear how the credentials were compromised. The incident was discovered on July 14, 2020, when an internal alert notified the Organization that one of its systems was down. On September 4, 2020, the …
P2021-ND-191

College of Physicians and Surgeons of Alberta

The Organization received a complaint from a physician about three other physicians. The full complaint was copied to all three physicians on November 18, 2019, without redacting the complaint information about the other physicians. A second breach occurred when the resulting Investigation Report was sent to all three physicians on March 2, 2020, allowing each physician to see the practices of the others, as well as the complaint history and formal undertaking that one of …
P2021-ND-190

Power Survey and Equipment Ltd DBA Powerside

On August 10, 2020, the Organization received a suspicious phishing email from fraudsters impersonating an employee. Upon learning of the incident on August 31, 2020, the Organization investigated. As a result of the investigation, the Organization believes that an unauthorized person breached its email security systems and accessed the email account of its employee. The Organization believes that the intruder had access to this employee’s emails and contact information and set up an email forwarding …
P2021-ND-189

TingleMerrett LLP

On June 23, 2020, the Organization attempted to serve its client’s documents on an opposing self-represented party via both courier and email. On June 26, 2020, the recipient advised the Organization that the documents were served on an incorrect email address. The Organization immediately requested the unintended recipient delete all material sent via email. On June 26, 2020, the Organization advised the opposing party of the inadvertent disclosure of her personal information to the unintended …
P2021-ND-188

rewardStyle Inc.

On March 8, 2020, the Organization identified unusual activity on its websites rewardstyle.com and about.rewardstyle.com. The Organization investigated and found that an attacker had the ability to take over and redirect the website URLs but the investigation was inconclusive with respect to any access to the Organization’s information. The Organization reported that there was no unauthorized activity after March 8, 2020. On June 1, 2020, the Organization discovered that unauthorized individual(s) may have acquired certain …
P2021-ND-187

Edward Jones (an Ontario Limited Partnership) (Edward Jones Canada)

On Thursday, July 23, 2020, the Organization received a notice from its service provider, SEI Investments Canada Company (SEI), about a security incident. SEI informed the Organization that personal information in the custody of SEI’s own service provider, M. J. Brunner, Inc. (Brunner) was affected by a ransomware attack. Brunner provides services to SEI in connection with optimizing the delivery of SEI’s services. The Organization reported that the attack on SEI’s vendor systems occurred on …
P2021-ND-186

FreeThink Capital Inc.

On or around July 15-16, 2020, an intruder broke into the Organization’s office. Some unopened mail was moved on the reception desk, all locked filing cabinets were forcibly opened, and some paperwork was removed. The Organization does not believe that any of the mail or paperwork was taken. Other than small amounts of cash found in employee workstations, the only piece of office hardware stolen was an employee’s laptop. The Organization is confident that the …
P2021-ND-185

2026465 Alberta Ltd.

The Organization reported that, in January 2020, a number of employees requested their T4 tax forms. The Organization’s accountant emailed the tax forms to the Organization; the same email was then forwarded to the employees. As a result, the employees inadvertently received all T4s and not just their own. In January 2021, one of the employees made a complaint to my office about receiving his/her T4 tax form with other tax forms in the same …
P2021-ND-184

The Association canadienne-francaise de L’Alberta

Le Journal Franco-Albertain Ltee. (Le Franco) is a corporation incorporated under the Business Corporations Act. The Organization took over the administration of Le Franco pursuant to a Unanimous Shareholders Agreement. As a result, the powers of the present Members of the Board of Le Franco were suspended. The Organization became aware that a former Board Member of Le Franco posted personal information on his personal Facebook account that may contain personal information of a former …
P2021-ND-183

Center Street Church

On June 13, 2020, the Organization began to experience system outages. An investigation revealed that two servers had been encrypted by ransomware. The Organization did not pay the ransom and reported the incident to the authorities. The Organization restored the servers from backup copies. The Organization reported that it does not have any evidence or direct indication that sensitive data was copied (exfiltrated) in addition to being encrypted, but said it cannot rule out the …
P2021-ND-182

New Horizons Car & Truck Rentals Inc., operating as Discount Car and Truck Rentals

On January 20, 2021, the Organization was the victim of a cyber-attack. The breach was detected 19 days later on February 8, 2021, when the Organization detected ransomware on its systems. The Organization’s investigation determined that, in addition to encrypting some servers, the attacker may have exfiltrated unstructured email and email attachment data from some of the Organization’s systems. The root cause of the incident was not reported by the Organization.
P2021-ND-181

Leede Jones Gable Inc.

On September 27, 2020, the Organization was the victim of a ransomware attack. The incident was discovered the same day when employees were unable to remotely access some systems. The attacker used compromised account credentials to access the Organization’s network over a VPN and then deployed post-exploitation tools and ransomware. The attacker encrypted a number of the Organization’s servers and PCs, and exfiltrated data. Exfiltrated records were published on the dark web for four days prior …
P2021-ND-180

National Intramural and Recreational Sports Association

The Organization uses a third-party service provider for e-commerce. On or around May 7, 2020, the Organization’s third-party vendor reported a known vulnerability impacting the Organization’s systems. The Organization investigated the vulnerability, and on May 26, 2020, became aware of suspicious activity on its e-commerce site. It was discovered that an unauthorized party exploited the vulnerability on April 6, 2020, exposing personal information. The Organization reported ending the breach on June 3, 2020. On July …
P2021-ND-179

NUUD Inc. o/a HUSH Lingerie and More

On February 5, 2019, the Organization was informed by another franchise owner that individuals from the corporate store entered the Organization’s location saying they were there to update the Organization’s point of sale system. The Organization believed these actions to be suspicious as the corporate office did not provide IT support previously. On February 8, 2019, the Organization discovered spyware (called “Spyrix”) installed on its computer remotely. On February 14, 2019, the Organization contacted the …
P2021-ND-178

Underwriters Laboratories of Canada Inc.

On February 13, 2021, the Organization detected unusual activity on its systems. The Organization found that the unusual activity related to an attempt to encrypt certain systems by an unauthorised third party. The Organization’s preliminary findings indicated that the threat actor’s primary objective was to cause disruption to the Organization’s operations in order to extract a ransom. The Organization reported it has no reason to believe that any personal data relating to data subjects in …
P2021-ND-177

Brewmaster Coffee Enterprises (M.H.) Inc.

Sometime between May 15 and May 29, 2020, two flash drives used to store encrypted and unencrypted electronic data were misplaced or lost. The breach was discovered on May 29, 2020, when the device was needed for an update and could not be found.
P2021-ND-176

Keyera Corp.

On July 13, 2020, an employee with the Organization sent an email containing PDF copies of an employee’s termination letter to an unknown recipient with an email address similar to the employee’s. The error was discovered the following day when the intended recipient contacted the Organization asking about the status of the email. The Organization tried to recall the email and confirm its deletion, but could not do so.
P2021-ND-175

Canadian Medical Association

Between October 6-21, 2020, as the result of a phishing incident, email messages received in an employee’s inbox were forwarded to an unknown webmail account. The incident was discovered on October 21, 2020 by the Organization’s IT team. Several employees received the message, but only one employee clicked on the “attachment”. The Organization reported it is not aware of any incidents of unauthorized use of the information at issue, and the Organization’s data breach monitoring …
P2021-ND-174

BDO Canada LLP

Sometime between April 3, 2020 and April 6, 2020, the Organization’s Edmonton office was broken into. The break-in was discovered on April 6, 2020 when an employee attended at the office. At the time of the break-in, the Organization did not identify any missing personal information; however, it reported it now believes that Canada Revenue Agency 2019 Pre-Bankruptcy Notices of Assessment and accompanying cheques may have been stolen. The documents had been sent to the …
P2021-ND-173

NFP Canada Corp.

On August 7, 2020, one of the Organization’s client service representatives sent a waiver form to a client which contained the new address of her ex-husband. On the same day, the ex-husband notified the Organization that his new address should not have appeared on the document. The Organization reported that all communications had previously been jointly with the husband and wife (both were copied on all emails) and at no point did the husband tell …
P2021-ND-172

Co-operators General Insurance Company (CGIC), Co-operators Life Insurance Company (CLIC)

In late 2019, the Organization discovered that an employee with one of its independent agencies emailed several documents containing client personal information to his personal email account. The Organization also discovered that this individual might have taken physical documents containing client personal information. The Organization reported that, at the time, the individual was an employee with the independent agency and thus a representative of the Organization and while the emailing was inappropriate, the Organization felt …
P2021-ND-171

World Financial Group Canada Inc.

On or about April 6, 2020, an advisor with the Organization had their vehicle stolen from their driveway. In the vehicle was a workbag with a password-protected laptop containing client information. The advisor’s spouse discovered that the vehicle was missing on their way to work.
P2021-ND-170

Rocky Credit Union Ltd.

On June 18, 2020, an employee with the Organization was helping a member who asked for balances on his accounts. The employee was possibly in the member’s wife’s profile, and gave the balance of a youth’s savings account to the member. The member is not a signer on the youth’s savings account and therefore should not have had that information. The breach was discovered the same day, when the member’s wife contacted the Organization to …
P2021-ND-169

Cornerstone Building Brands

On August 3, 2020, the Organization discovered unusual network activity. The Organization’s investigation determined that an unauthorized party gained access to the network between August 3, 2020 and August 9, 2020. The Organization conducted a comprehensive review of all files involved, and determined on October 22, 2020, that they contained personal information. The unauthorized party acquired copies of certain information pertaining to a limited number of individuals that was stored within the Organization’s systems. The …
P2021-ND-168

ARCH Psychological Services

On September 25, 2020, an email attachment containing the name of a potential client and a preliminary retainer agreement was sent in error to the wrong potential client. The error was discovered on September 28, 2020 when the Organization was reviewing the previous day’s communications. The Organization reported that it emailed and left numerous telephone messages to obtain acknowledgment of the communication and asking the unintended recipient to delete the email with the incorrect attachment. …
P2021-ND-167

Gienow Renovations

On August 3, 2020, the Organization discovered unusual network activity. The Organization’s investigation determined that an unauthorized party gained access to the network between August 3, 2020 and August 9, 2020. The unauthorized party acquired copies of certain information pertaining to a limited number of individuals that was stored within the Organization’s systems. The Organization reported that it had no evidence that the personal information has been misused, and arranged for the unauthorized party to …
P2021-ND-166

Communauto Inc.

Between December 19 and 20, 2020, the Organization was victim to ransomware (Sodinokibi), resulting in the encryption of a significant number of servers and workstations. It is reported that an administrative password was compromised as a result of phishing, and was subsequently used in the attack. The Organization reports that the threat actor exfiltrated records from its servers. It is also stated that the attackers eventually destroyed the records they exfiltrated.
P2021-ND-165

American College of Emergency Physicians

On September 7, 2020, the Organization discovered unusual activity on its e-commerce site and commenced an investigation. On September 24, 2020, the investigation confirmed that payment card information used for a subset of purchases on the e-commerce site between May 21, 2020 and September 22, 2020 was potentially subject to unauthorized acquisition. Once the Organization confirmed the scope of the incident, it took steps to identify which customers may have been impacted and identified address …
P2021-ND-164

RBC Life Insurance

A claimant submitted a claim under a group disability policy owned by the claimant’s employer. On June 29, 2020, the Organization drafted two separate letters to communicate their decision about the claim. One letter addressed to the claimant included the details of the decision and the second letter addressed to the employer included limited details. In error, the mail room placed both letters into the same envelope addressed to the employer. On July 23, 2020, …
P2021-ND-163

Clear Sky Capital Inc.

On May 1, 2020, the Organization’s accounting firm mailed end of year tax forms to the Organization’s clients. The tax forms were inadvertently printed double-sided. As a result, certain clients of the Organization received their own tax form and the tax form for another client.
P2021-ND-162

Johnston Group Inc.

The Organization is an employee benefits plan administrator and its client portal allows individuals to submit and track medical claims through their employers’ plan. On November 9, 2020, the Organization was subject to a brute-force attack against the Organization’s client portal. The actors were trying to gain access to client accounts by trying to log in with various account names (many of which were invalid). The Organization determined that the login attempts came from a …
P2021-ND-161

YSS Corp.

On May 15, 2020, the Organization was informed that on or about May 9 or 10, 2020, an unknown individual gained entry to the Organization’s Head Office in Calgary. The Organization determined that no paperwork, including personnel or payroll records, was missing and, accordingly, it initially believed that there was no loss of or unauthorized access to personal information. On August 4, 2020, the local police service (CPS) contacted the Organization as a part of …
P2021-ND-160

Alberta College of Social Workers

On July 22, 2020, an academic transcript was received and uploaded to a database but was attached to the wrong member profile. The breach was discovered on August 3, 2020, when a member found the document attached to their member profile and reported the error to the Organization.
P2021-ND-159

NeuroTrition Inc.

On or about October 3, 2020, the Organization was informed that an account held with “Mail Chimp” had been closed. The Organization learned that a former contractor had accessed the account without authorization, closed it without the Organization’s knowledge, and retained account information from Mail Chimp without the Organization’s knowledge or consent, on or about September 29 – October 3, 2020. The Organization reported that there is no evidence that the Organization’s membership information was …
P2021-ND-158

Grant Thornton LLP

On April 30, 2020, the Organization learned that an unauthorized individual accessed one of its employee’s email accounts. The unauthorized individual sent phishing emails from the account to others at the Organization and later gained access to eight other employee email accounts. The Organization reported that no other employee accounts were affected, nor were other parts of the Organization’s system or business. The Organization reported that it has no evidence that any information was accessed, …
P2021-ND-157

Home Depot of Canada Inc.

On October 27, 2020, the Organization experienced a system error that resulted in a number of Canadian customers receiving multiple emails for orders that they did not place. On October 28, 2020, the Organization’s IT support group discovered the issue and it was stopped within 45 minutes. The incident stemmed from a manual technology operation related to updates in certain system-generated emails. The operation in question was not successful, but it was caught through the …
P2021-ND-156

Saputo Dairy Products Canada G.P.

On May 12, 2020, a customer contacted an employee of the Organization to validate an email request the customer received from the employee regarding changes to a payment bank account. The employee confirmed no such request was made. The Organization investigated and determined that the employee’s email account had been compromised since May 1, 2020. An unauthorized email forwarding rule was automatically transferring emails to an external address. The employee’s password was most likely compromised …
P2021-ND-155

TVI Pacific Inc.

On January 6, 2020, the Organization discovered that its office, along with two (2) neighbouring offices, had been broken into. All filing cabinets and desk drawers were opened and various files were stolen, along with a hard drive used to back up a computer. The hard-drive was partially encrypted. Police recovered some files on January 29, 2020, along with documents and equipment stolen from several other offices. Several personal files containing credit card statements, RRSP …
P2021-ND-154

Parkland Corporation

On August 14, 2020, an employee received a phishing email and clicked on an infected link. As a result, attackers were able to encrypt files on multiple systems and download data from multiple devices. On November 14, 2020, a ransomware message appeared on the logon screen of multiple systems. Throughout the month of December 2020, the attackers uploaded the stolen data, approximately 1.3 TB worth, to a website on the Dark Web.
P2021-ND-153

Paskapoo Pet Services

The Organization used a third party software called “Precise Pet Care” to store and archive Services Agreements and client information associated with the provision of a variety of pet care services (pet sitting, pet boarding, dog walking, etc.). After a client’s account is created, the primary documentation and signatures are stored in pdf files within each client’s account for reference and recordkeeping. On July 14, 2020, a security researcher discovered a vulnerability within the system …
P2021-ND-152

IPC Investment Corporation

On April 9, 2020, an advisor sent an email communication with attachments requiring their clients’ review and signature. On the same day, the advisor learned from the client that the email communication had not been received. The advisor checked their sent items and discovered the communication was sent to the wrong email account.
P2021-ND-151

College of Registered Dental Hygienists of Alberta

On March 9, 2021, the Organization sent an email to an applicant and included an email addressed to a different applicant in the body of the text. The incident occurred as a result of using a previously sent email as a template. The breach was discovered on March 16, 2021 when the recipient reported the error to the Organization.
P2021-ND-150

J.V. Driver Corporation Inc.

On March 17, 2021, the Organization learned it was the victim of a ransomware attack, although the initial access appears to have been on January 6, 2021. The source of the intrusion appears to be when an employee provided their domain credentials in response to a phishing email and approximately 8 hours later, the attacker accessed the network remotely using the compromised domain credentials of this employee. It does not appear the attacker engaged in …
P2021-ND-149

FabFitFun, Inc.

On August 7, 2020, the Organization discovered that an unauthorized third party had inserted malicious code on portions of its website that may have enabled them to capture certain information in connection with customer sign ups. The incident affected new member sign up pages of the website during the period between April 26, 2020 and May 14, 2020, and between May 22, 2020 and August 3, 2020.
P2021-ND-148

Driver’s Industrial Installations Ltd.

On January 7, 2021, an employee of a service provider to the Organization received a phishing email, prompting her to enter account credentials. On January 11, 2021, an unauthorized third party used the credentials to log into the employee’s email account, and send approximately 1,500 phishing emails. The employee notified the service provider’s IT team who took action to contain the breach. Also on January 11, 2021, emails began transmitting from the service provider’s email …
P2021-ND-147

The Canadian Kennel Club

On February 21, 2020, a copy of the Organization’s March 14 and 15, 2020 Board of Directors meeting agenda was inadvertently posted as a PDF file on its website. The file could be accessed by its membership, instead of the intended audience of the Board of Directors alone. The agenda included the application materials from individuals who wished to become committee members and was accessible on the website only if the PDF file was downloaded …
P2021-ND-146

Wealthbridge Financial Services Inc.

On May 15, 2020, an employee with the Organization emailed a draft document containing the personal information at issue to an unintended recipient. The employee mistyped the intended email address and accidentally sent the document to an incorrect email address. The document was not encrypted and the unintended recipient may have accessed the attached document containing the personal information of the client. The Organization confirmed the incorrect email address has a valid user ID (as …
P2021-ND-145

Driver’s Industrial Installations Ltd.

On April 8, 2021, the Organization learned that one of its service providers had been the victim of a sophisticated, illegal ransomware attack which resulted in hackers gaining access to employee files containing personal information. The source of the intrusion appears to be when an employee provided their domain credentials in response to a phishing email and approximately 8 hours later, the attacker used the credentials to access the network remotely. This initial access appears …
P2021-ND-144
P2021-ND-143

Empire Life Insurance Company

On February 25, 2020, when setting up a policy for a client, the Organization inadvertently coded the client’s address with a third party address. The error went unnoticed by the Organization. As a result, the client’s policy confirmation and tax document was mailed to the wrong address. On March 10, 2020, the Organization was contacted by the client’s Advisor who asked why the Organization had a different address on file. The Organization contacted the person …
P2021-ND-142

Sun Life Assurance Company of Canada

On March 26, 2020, in light of the COVID-19 situation and contrary to a client’s instructions, an employee of the Organization deposited redemption funds directly into the client’s bank account, instead of mailing a cheque. The account was previously jointly held between the client and his former spouse. As a result of the payment, the former spouse was made aware of the transaction. The client had not updated his banking information. On April 6, 2020, …
P2021-ND-141

The Canada Life Insurance Company

On January 6, 2020, an insurance contract is believed to have been sent from the Organization’s London, Ontario office. On April 30, 2020, the Organization discovered the loss of the contract when it was reported that the contract never arrived and has not been returned to the Organization undelivered.
P2021-ND-140

Canadian Forest Products Ltd.

An employee’s laptop bag and laptop were stolen in Edmonton, Alberta on or about March 1, 2020. The laptop’s local storage drive does not contain documents or files containing personal information. However, several months of emails are stored locally on the laptop. The Organization determined that some of the emails or their attachments contained personal information. On or about March 28, 2020, the software the Organization uses when a device connects to the internet, contacted …
P2021-ND-139

Sherwood Consulting Services, Inc.

On March 21, 2020, a psychologist with the Organization discovered her residential garage had been broken into and a briefcase and other items were missing from her vehicle. The briefcase included paper client files. These have not been recovered to date. A computer that was stolen was protected with facial recognition software and encryption.
P2021-ND-138

Sedgwick Canada, Inc.

On July 31, 2020, the Organization detected that data on a limited number of servers within its network environment was subject to a cybersecurity incident. The Organization immediately launched an investigation and engaged a forensics firm to assist with its response. By August 2, 2020, the affected servers had been restored. On August 20, 2020, the investigation identified that personal information of a limited number of current and former employees had been acquired without authorization …
P2021-ND-137

Morneau Shepell Ltd.

Around January 30, 2020, the Organization discovered that multiple unauthorized emails were sent externally from the email account of an employee of the Organization. The Organization investigated and found that the email accounts of five (5) of its employees were compromised as a result of a phishing campaign giving the unknown attacker access to email stored between January 30 and February 4, 2020. The investigation found no evidence that personal information is being used inappropriately …
P2021-ND-136

MGM Resorts International

On or about July 10, 2019, the Organization became aware that on approximately July 7, 2019, an unauthorized third party gained access to an external cloud server (Amazon Web Services (AWS)) containing guest data. The Organization reported that, in early July, the unauthorized party obtained an employee’s credentials that had been compromised as a result of data breaches not associated with the Organization. The attacker used the compromised credentials to log in to a third …
P2021-ND-135

Park Paving Ltd.

On September 6, 2019, a file containing all hourly employee paystubs was emailed to one employee who had requested their own paystub. The breach was discovered the same day when the employee received the email and reported the error to their supervisor who ensured the file was deleted and reported to payroll. The Organization investigated and confirmed that the file was distributed to only one employee, and was viewed by two employees (the original recipient …
P2021-ND-134

Mennonite Economic Development Associates of Canada o/a MEDA

The Organization uses Raiser’s Edge, a product owned by Blackbaud, to store donor data. On July 17, 2020, the Organization received confirmation from Blackbaud that it discovered and stopped a ransomware attack in May 2020. A copy of a backup file was stolen and Blackbaud paid a ransom to get it back. The production environment was not compromised. Blackbaud received assurances that the data was deleted, and assured the Organization that the information has not …
P2021-ND-133

Calgary Meals on Wheels

On September 10, 2020, a volunteer’s vehicle was broken into and four (4) invoices in sealed envelopes were stolen. The incident was discovered on September 11, 2020, and reported to the Organization.
P2021-ND-132

Warner Music Group Corporation

On August 5, 2020, the Organization learned that an unauthorized third party had compromised a number of U.S.-based ecommerce websites that the Organization operates but that are hosted and supported by an external service provider, Acquia, Inc. The unauthorized third party potentially acquired a copy of information customers entered on the affected websites after placing an item into their shopping carts. This could have impacted purchases made with credit cards through the affected websites between …
P2021-ND-131

J.V. Driver Corporation Inc.

On January 7, 2021, an employee of the Organization received a phishing email which contained a link to a malicious “github.io” sub-domain, which hosted a fake Microsoft account login page. The employee entered their account credentials into this phishing page. On January 11, 2021, an unauthorized third party logged onto the employee’s email account, and started to transmit about 1,500 phishing emails from the employee’s email account. The employee notified the Organization’s IT team. The …
P2021-ND-130

Minto Multi-Residential Income Partners I, IP

On February 18, 2020, the Organization discovered that between February 15 and February 17, 2020, the Organization’s Applewood Village office was broken into. The Organization determined that a personal cheque from two (2) separate individuals, and rental application packages from six (6) separate individuals, were stolen. At the time of the incident, the office at Applewood Village was locked and security patrols were conducted through the apartment complex.
P2021-ND-129

Bombas LLC

In late January 2019, the Organization discovered that malicious code had been uploaded onto its Shopify e-platform in order to scrape credit card numbers and other personal information. The Organization determined that the malicious code was operating between November 11, 2016 and February 16, 2017. The Organization’s investigation determined that an unauthorized third party may have compromised the credentials of an employee’s account in order to access the platform, and insert the malicious code. …
P2021-ND-128

Leede Jones Gable Inc.

On or about June 2, 2020, attackers gained unauthorized access to an employee’s email mailbox as a result of a phishing email that the employee responded to, providing credentials. While accessing the account, the perpetrators emailed four other employees, making a fraudulent plea for funds. The attack was unsuccessful and immediately aroused suspicion. The unauthorized access was terminated June 4, 2020. The Organization’s investigation confirmed access to five (5) emails within the compromised account, containing …
P2021-ND-127
P2021-ND-126

Francis Winspear Centre for Music

Blackbaud is a third party service provider to the Organization. The Organization uses Blackbaud’s financial management tools (Financial Edge) to manage invoicing data relating to vendors and service providers. According to Blackbaud, an intruder had access to some of Blackbaud’s systems from about February 7, 2020 to May 20, 2020 and was able to extract backup data relating to the Organization. The intruder obtained access through another Blackbaud customer’s account and then launched an attack.
P2021-ND-125

Edmonton Symphony Society

Blackbaud is a third party service provider to the Organization. The Organization uses Blackbaud’s financial management tools (Financial Edge) to manage invoicing data relating to vendors and service providers. According to Blackbaud, an intruder had access to some of Blackbaud’s systems from about February 7, 2020 to May 20, 2020 and was able to extract backup data relating to the Organization. The intruder obtained access through another Blackbaud customer’s account and then launched an attack.
P2021-ND-124

Relevant Radio

The Organization uses Blackbaud, a third-party cloud computing vendor, to provide customer relationship management and financial services tools. On July 16, 2020, Blackbaud informed the Organization that it had suffered a cyber incident which resulted in a potential unauthorized access to certain information maintained by Blackbaud between February 7, 2020 and May 20, 2020. Blackbaud paid the threat actors’ ransom demand in return for confirmation that all data removed by the threat actors had been …
P2021-ND-123

Savers, Inc.

On June 28, 2020, the Organization was the victim of a phishing attack that targeted one employee and the information contained in their email account. The incident was discovered on July 3, 2020 when the Organization noticed the employee’s email account was being used to send fraudulent emails, attempting to initiate a fraudulent money transfer.
P2021-ND-122

Rakuten Kobo Inc.

On June 17, 2021, the Organization was victim to a phishing attack when an employee opened a malicious email attachment. After the initial breach, the attackers installed additional tools to propagate their attack. The incident was discovered 68 days later on August 24, 2020 when abnormal CPU utilization was detected on a database server. For the following 5 days, the Organization analyzed the breach and eliminated the attackers’ access, effective August 29, 2020. The Organization’s …
P2021-ND-121

Blue Buffalo Company, Ltd.

On August 31, 2020, an unauthorized party gained access to the Organization’s network via the exploitation of a vulnerability present on one of the Organization’s servers. After the initial breach, the unauthorized party deployed malware and network penetration tools, extending the attack to other systems and user accounts on the Organization’s network. The breach was discovered on September 1, 2020 when the Organization’s security team detected the attacker’s activities.
P2021-ND-120

Century 21 Department Stores LLC

The Organization learned of suspicious activity involving its website, c21stores.com. The Organization investigated and found unauthorized code. The Organization’s investigation found the code may have been present and capable of copying information entered by customers on the website between August 27, 2019 and October 10, 2019. The breach was discovered when the Organization was alerted by the third party that hosts its ecommerce platform.
P2021-ND-119

World Financial Group Canada Inc.

On October 10, 2019, a password protected laptop containing client information was stolen from a locked vehicle. The breach was discovered the same day when the vehicle owner discovered that the back window of her locked vehicle was shattered and items including the password protected laptop were missing.
P2021-ND-118

Mountain View Credit Union

On May 25, 2018, the Organization inadvertently mailed an annual post-review letter and a non-compliance letter to the wrong address. The breach was discovered on June 4, 2018, when the unintended recipient attended the branch to report the error and return the documents.
P2021-ND-117

Luxottica of America Inc.

On August 9, 2020, an automated attack was carried out against the Organization’s appointment scheduling application using an account that was created on August 5, 2020. The Organization investigated to determine the extent and nature of the incident and to confirm whether patient records had been accessed and/or acquired. On August 28, 2020, the Organization preliminarily concluded that the unauthorized person might have accessed and acquired individuals’ information from the appointment scheduling application.
P2021-ND-116

Lithion Power Group Ltd.

On June 25, 2019, an employee with the Organization was corresponding with a client who advised that they had made wire transfer payments to the Organization. The Organization did not receive any payments. On July 2, 2019, the Organization discovered that an employee’s email inbox had been breached by an unknown third party, and an email forwarding rule was enabled which forwarded all inbound emails to an unknown Gmail account. The Organization also discovered that …
P2021-ND-115

Expedia

The Organization acquired Orbitz in 2015. Orbitz operates a travel booking platform. The Organization reported that “While conducting an investigation of the platform, Orbitz determined on March 1, 2018 and informed us on April 12, 2018, that there was evidence suggesting that, between October 1, 2017 and December 22, 2017, an attacker may have accessed certain personal information stored on its consumer and business partner platform.”
P2021-ND-114

2101314 Alberta Inc.

On March 7, 2020, the Organization sent an email to customers, notifying them of a sales promotion. The Organization inadvertently “cc’d” customer email addresses instead of blind copying them (“bcc”). As a result, recipients were able to see other customers’ email addresses and would know they are customers of the Organization. The incident was discovered the same day when one of the recipients reported the error to the Organization.
P2021-ND-113

The Results Companies, LLC

On August 13, 2019, the Organization discovered unauthorized access to an employee email account when a fraudulent wire transfer involving the Organization’s corporate account was attempted. The Organization investigated and determined that an employee email account had been used to facilitate the attempted fraudulent wire transfer. In the process of obtaining information to facilitate the attempted fraudulent wire transfer, it appears that the malicious actor may have accessed personal information without authorization. The Organization reported …
P2021-ND-112

Worldwide Insurance Services, LLC

On March 20, 2019, the Organization was contacted by its card payment merchant acquirer, Worldpay, regarding irregularities experienced by customers after purchasing goods on the Organization’s website, www.reddragondarts.com. The Organization’s investigation at the time of reporting indicated that the website was compromised by malicious code that collected data from the payment page, sending it to a remote server under the attacker’s control. The Organization reported there were two windows of compromise: September 9, 2018 to …
P2021-ND-111

Canadian Crossroads International

On March 17, 2020, a third party to the Organization, TSX Trust Company, used an incorrect envelope format to mail tax forms. As a result, social insurance numbers were visible through the window of the envelope. The breach was discovered by investors who subsequently notified the Organization on or about March 22, 2020.
P2021-ND-110

Nodor International Limited (trading as Red Dragon Darts)

On March 7, 2020, the Organization found a hidden audio device behind a picture frame in the Organization’s staff room. The device recorded an “in camera” board meeting, staff interviews, and private conversations of staff. The Organization reported that it does not know when the audio recording started. The Organization reported that it does not know whether this incident is connected to another incident of an unauthorized audio recording the Organization experienced earlier in the …
P2021-ND-109

Adventus Opportunity Fund

On July 16, 2020, the Organization received notice from its third-party service provider, Blackbaud, that it was the victim of a ransomware attack. Blackbaud informed the Organization that it discovered the attack on the same day it occurred on May 14, 2020, and that it prevented the bad actor from blocking system access and fully encrypting files. According to Blackbaud, a ransom was paid in return for the assurance the information would be destroyed and …
P2021-ND-108

Salta Gymnastics Club

On July 6, 2020, the Organization received a phishing email that appeared to be from its email and website provider. The email identified that the Organization’s credit card payment did not go through because the card may have changed or expired. The credit card had in fact recently expired. The email requested the Organization update its credit card information. The Organization provided the new credit card and login information but did not realize password information …
P2021-ND-107

Opportunity International Canada

On or about February 19, 2019, the Organization identified suspicious activity regarding its online payment processing platform. On or about March 4, 2019, the Organization’s investigation determined that customer credit and debit card information for certain transactions that occurred on the ecommerce website between February 10, 2019 and February 14, 2019, and on February 19, 2019, may have been subject to unauthorized access and/or acquisition.
P2021-ND-106

Tamarack Psychology

On January 7, 2019, an Investment Advisor with the Organization received an email from a client requesting copies of the client’s current investment portfolio statement and account balances. The Advisor responded the same day, but attached the wrong clients’ Portfolio Evaluations in error. On January 14, 2019, the original client advised the Organization that she was a victim of fraud, where it appears that a fraudster hacked and used the email address to correspond with …
P2021-ND-105

CM Group Holdings, Inc. d/b/a Creative Memories

On March 1, 2019, the Organization learned of a mailing error that inadvertently sent the T5 slips of certain authors to the mailing address of other authors. The mailing occurred early in the week of February 25, 2019. The Organization has taken steps to recover the misdirected mail. One Alberta resident’s slip was successfully retrieved, but had been opened by the unintended recipient. The Organization has attempted to make contact with the other authors, but …
P2021-ND-104

Richardson GMP Ltd.

On or around March 31, 2019, a customer brought a computer to the Organization for repair and a data backup service. A sign-in form was completed. The computer and form were sent to a service center; the computer was repaired and the data backup completed on an SSD card. The SSD card was subsequently lost and has not been recovered. The breach was discovered on April 2, 2019.
P2021-ND-103

Penguin Random House Canada

The Organization uses a third party provider to adjudicate and pay claims submitted by members under the Organization’s Extended Health Care Plan. In this case, an individual who was covered under their spouse’s plan submitted a receipt for psychological treatment. The receipt was forwarded to the third party for adjudication. When the claim was processed, a statement was mailed to the affected individual indicating there was no coverage for the service. However, the claim was …
P2021-ND-102

Best Buy Canada Ltd.

At the end of March 2019, the Organization was contacted by two subscribers (resident outside Alberta) reporting possible fraudulent credit card activity, shortly after the subscribers spoke with a customer service representative (CSR) employed by a third party service provider to the Organization. The Organization investigated, and found that a CSR had used a subscriber’s credit card information (which had been collected for legitimate purposes) for an unauthorized personal purpose. The Organization reviewed all available …
P2021-ND-101

Alberta School Employee Benefit Plan

On June 13, 2019, the Organization’s third party service provider, responsible for maintaining the ecommerce platform, noticed an unauthorized script. The Organization investigated and determined an unauthorized third party gained access to the ecommerce platform and placed a script allowing personal information to be collected as transactions were made on the site. The unauthorized third party was able to access the ecommerce platform remotely by using the username and password of an employee of the …
P2021-ND-100

The Globe and Mail Inc.

On or about August 31, 2019, an unauthorized intruder accessed a computer server that contained information about individuals who participated in online contests conducted in Canada. The Organization investigated and determined that the attacker gained access to a server by exploiting credentials.
P2021-ND-099

Ivanhoe Cambridge

As a result of a successful phishing attack, an intruder was able to obtain the credentials for an email account assigned to an employee of a service provider to the Organization and gain access to certain emails. The incident occurred on May 20, 2019 and was discovered on May 28, 2019 when the employee who was the subject of the successful email phishing attempt reported the incident.
P2021-ND-098

NBA Media Ventures, LLC

On January 29, 2019, a Statement of Benefits Paid was lost while being transported from a home office to the Organization’s office. The breach was discovered the same day when the document could not be located.
P2021-ND-097

SMART Local Unions and Councils Pension Fund (Canada)

A bag was left in an employee’s car overnight on February 6, 2021. The bag contained a list of staff members, their FTE, and investigation notes from conversations with 4 employees. The breach was noticed the same day. The documents have not been recovered.
P2021-ND-096

Carscallen LLP

Western Safety Products (WSP) is a division of the Organization and is a Seattle, Washington based distributor of safety equipment to businesses. WSP had a web-based e-commerce site which was hosted by a third party. The website was closed in February 2018; however, unauthorized parties appear to have gained access and re-activated the site on September 19, 2018. It appears the administrative portal used by the third party hosting the site was compromised, and as …
P2021-ND-095

AgeCare Seton

On September 25, 2019, a Google Drive document was shared with the wrong email address. The names were similar, and the wrong name was selected. The incident was discovered the same day when the unintended recipient reported the error.
P2021-ND-094

Bunzl North America

On or about December 11, 2018 the Organization received notice of a vulnerability in its firewall that made a server accessible. On or about April 15, 2019, as the result of a thorough review of the potentially impacted contents of the server, the investigation confirmed the population of potentially impacted individuals.
P2021-ND-093

Laura Gilligan, Occupational Therapist

On May 22, 2019, the Organization sent an email to some of its members and inadvertently attached a document containing the information at issue of other members. The email was received by 63 members and included the personal information of 1,232 individuals. The breach was discovered the same day, when one of the recipients reported the error to the Organization.
P2021-ND-092

Oklahoma Department of Securities

The Organization uses a third party, Glentel Inc., to operate its website. Glentel advised the Organization that, on November 29, 2018, an employee’s email account was compromised following a successful phishing attempt. As a result, the intruder was able to view personal information related to purchases made on the website. Glentel advised the incident was contained the same day that it occurred.
P2021-ND-091

Gray Monk Estate Winery

On October 16, 2019, a staff member’s laptop was stolen from their vehicle. The laptop was password protected. On October 23, 2019 a backup copy of the computer was reviewed, revealing there was personal information stored on the laptop. The laptop has not been recovered.
P2021-ND-090

Samsung Electronics Canada Inc.

Malware (Emotet) was discovered on an end user laptop. The Organization reported the breach occurred on August 26, 2019 and was discovered August 28, 2019 when data communications from the end user laptop matching known Emotet control characteristics were detected by a cybersecurity system. This system alerted the Organization’s Canada Cybersecurity Specialist to the detection.
P2021-ND-089

AUPE

On December 17, 2018, an employee of the Organization posted files containing royalty statements to certain members’ online accounts. The breach was discovered on December 19 when a member downloaded statements from his account that included statements relating to other members.
P2021-ND-088

PetroChina Canada Ltd.

The Organization was contacted by a security researcher from a reputable security research firm under “responsible security disclosure” principles about a data file the researcher had obtained. The file was provided to the Organization on December 18, 2018 in a password-protected form and appeared to contain an Organization user table. The Organization was able to confirm its authenticity on December 19, 2018. The Organization reported its investigation is ongoing.
P2021-ND-087

Society of Composers, Authors and Music Publishers of Canada (SOCAN)

Two employees stored documentation intended for shredding in bins that were marked “for shredding” which were mistaken for recycling by the building custodian. On January 29, 2019, the building custodian disposed of the documentation in the building’s outside recycling bin, which is not secured. Each bin contained approximately 20-30 pages. The contents of the documentation were not inventoried but are believed to be draft correspondence that may have included personally identifying information. The breach was …
P2021-ND-086

Houzz Inc.

On November 29, 2018 an employee in the Organization’s head office in Burnaby, British Columbia received a fraudulent email from an unknown third party. The email appeared to be from the Organization’s Chief Executive Officer and attached a link to a fraudulent website. The email deceived the employee into disclosing the employee’s credentials for their work email account. The unknown third party then used the employee’s credentials to access the employee’s work email account and …
P2021-ND-085

College and Association of Registered Nurses of Alberta

In January 2019, the Organization determined that its Canadian consumer-facing website, https://mcmbcrs.transunion.ca had been the target of a “credential stuffing” attack. The Organization investigated and, in February 2019, found that failed login attempts could be traced back to credential stuffing by an unknown and unauthorized third party. The Organization reported the attacker appears to have directed a cache of valid and invalid credentials at its systems for the purposes of identifying which credentials worked and …
P2021-ND-084

Glentel Inc.

During the week of December 2 – 6, 2019, an employee of the Organization received an email that appeared to be from the Organization’s Senior Vice President and Chief Financial Officer requesting accounts receivable information, along with customer contact information. The employee responded by email on December 6, 2019 attaching the requested information. Unfortunately, the email had been sent by an unknown and unauthorized third party. The incident was discovered on December 9 when customers …
P2021-ND-083

Trans Union Consumer Interactive, Inc.

On August 28, 2019, a human resource employee inadvertently copied a distribution group of 134 employees on an email to a manager with respect to a termination that was scheduled to occur the following day. The breach was discovered by the intended recipient on the same day.
P2021-ND-082

Yellow Pages Digital & Media Solutions Limited

On July 21, 2019, an employee of the Organization was on a plane from Fort Worth to Houston, TX. The employee had a company laptop and was using it during the flight. Sometime after departing the plane after arrival, the employee noticed that the laptop was not in their carry-on luggage. The Organization assumes the laptop was left on the plane. The laptop was password protected (with a strong password) but not encrypted. The employee …
P2021-ND-081

Inter Pipeline Ltd.

On March 12, 2019, an employee with the Organization inadvertently enclosed a copy of an individual’s application for insurance in a letter to another client of the Organization. On March 20, 2019, the unintended recipient telephoned the Organization to report the error.
P2021-ND-080

Mother Parker’s Tea & Coffee Inc.

On February 25, 2019, a third party contractor notified the Organization that a data breach had occurred which consisted of unauthorized access to personal information. The contractor determined that an individual downloaded certain data from the contractor which included the Organization’s employee information.
P2021-ND-079

CDSPI

The Organization is a specialized Chartered Accountancy practice and provides tax consulting services to various clients. On February 22, 2019, the Organization was notified that one of its independent contractors had received a text message from an unidentified individual stating that the individual had gained access to and downloaded the Organization’s client data. The Organization took precautionary steps and changed all passwords for its remote access capabilities and locked down its servers. On February 25, …
P2021-ND-078

Geo Logic Systems Ltd.

In May 2020, the Organization’s third party vendor, Blackbaud, advised the Organization of a data security incident involving a ransomware attack on its systems, including its Raiser’s Edge software product used by the Organization. Blackbaud reported that it was able to successfully prevent the cybercriminal from blocking its system access and fully encrypting files, and ultimately expelled them from its system. However, prior to locking the cybercriminal out, the cybercriminal removed a copy of a …
P2021-ND-077

TGSI Canada Corp.

On December 2, 2019, the Organization received complaints from consumers about its checkout process. The Organization investigated and discovered that malicious code had been added to its ecommerce site (site) earlier the same day. The malicious code directed users to a spoofed webpage where they were asked to enter their payment card details in order to complete their purchases. Users who completed the payment card details page were then directed to the real webpage, where …
P2021-ND-076

Saybrook University

On July 14, 2020, a member of the public found personnel files in a grocery cart and contacted the Office of the Information and Privacy Commissioner (OIPC). The Organization reported that a “Restaurant closure lead [sic] to employee files from old ownership not being discarded properly due to COVID-19 restrictions and miscommunication during permanent restaurant closure.” The Organization discovered the breach on September 21, 2020 when notified by the OIPC.
P2021-ND-075

Rooster Teeth Productions, LLC

On April 20, 2020, an “Order Alert” email was sent to customers of the Organization. The purpose of the email was to inform recipients they had been mistakenly charged twice for online purchases. The Organization inadvertently entered email addresses in the “cc” line, rather than the “bcc” line. The incident was discovered on April 22, 2020.
P2021-ND-074

TH 17Th Ltd.

On September 1, 2020, the Organization was subject to a cyberattack, resulting in the exfiltration of records and the unauthorized encryption of some organizational infrastructure. The incident was discovered the same day, September 1, 2020; however, data exfiltration was confirmed 8 days later on September 9, 2020 after records were discovered on the dark web.
P2021-ND-073

Keurig Canada Inc.

On November 3, 2020, the Organization’s service provider, Kitewheel LLC, was subject to a ransomware cyberattack. The threat actor accessed and exfiltrated personal information and demanded a ransom payment. While the data were stored in an encrypted database, it is reported that the threat actor obtained access credentials and was able to decrypt the records for extraction. The Organization was notified of the breach on November 3, 2020, and was further notified on November 13, …
P2021-ND-072

Windward Software Systems Inc.

On March 9, 2020, the Organization became aware of suspicious activity related to its email system. The Organization investigated and determined that there was unauthorized access to certain email accounts between “December 19, 2010 and March 3, 2020”. The Organization reviewed the affected accounts and on June 25, 2020, determined that the email accounts contained some information related to individuals.
P2021-ND-071

Direct Energy Marketing Limited

On November 30, 2020, a laptop in the USA belonging to the Organization was hacked. The Organization reported malware was most likely introduced through a phishing attack that spread through its global network. The Organization said its Active Directory may have been compromised and all Windows users across countries are affected. The Organization reported that the breach ended on December 4, 2020.
P2021-ND-070

POWER Engineers, Inc.

The Organization inadvertently mailed a client’s Disability Agreement letter to the wrong client. The breach was discovered on February 13, 2020 when the unintended recipient reported it to the Organization.
P2021-ND-069

Dormakaba International Holding GmbH

On November 30, 2020, a laptop in the USA belonging to the Organization was hacked. The Organization reported malware was most likely introduced through a phishing attack that spread through its global network. The Organization said its Active Directory may have been compromised and all Windows users across countries are affected. The Organization reported that the breach ended on December 4, 2020.
P2021-ND-068

Sun Life Financial

On November 7, 2020, an unknown individual entered the Organization’s premises and tampered with the drawer lock. The individual stole multiple documents and electronic devices. The theft was discovered later the same day when an Associate noticed damages to the drawer which had been locked.
P2021-ND-067

Boardwalk Rental Communities

On February 11, 2020, a void cheque belonging to one customer was emailed to another customer in error. The incident was discovered and reported to the department manager on the same day.
P2021-ND-066

Rifco National Auto Finance

On January 10, 2017, an email was sent to the Organization’s IT Manager claiming to be from the Organization’s Human Resource Manager. On January 12, 2017, the hackers sent a bogus email containing instructions about a “new password” to employees of the Organization. One employee acted on the instructions, which led to the compromise. The incident was discovered on January 17, 2017 when the hackers sent screenshots of human resource documents and the Organization’s payroll …
P2021-ND-065

Grey Eagle Casino

On May 19, 2019, the Organization experienced a ransomware attack that encrypted the Organization’s systems. The Organization’s IT reported that an email was sent May 14, 2019 which activated a virus. The breach was discovered on May 21, 2019. The Organization was able to recover its data and, although it is unaware of any evidence to suggest that its data was accessed or exfiltrated, it was not able to conclusively determine the issue.
P2021-ND-064

Rocky Mountain House Society dba Rocky Mountain Support Services Society

On September 17, 2019, malicious actor(s) used valid credentials obtained from prior breaches unrelated to the Organization to access some customer accounts. The incident was a remote cyber attack against a cloud based authentication service. Using Application Programming Interface (API) calls, the attackers used the previously exposed email address and password to log in, change the password, and then change the email address on file to an invalid email address. The breach was discovered …
P2021-ND-063

Aeroplan Inc.

On January 16, 2020, an employee with the Organization inadvertently switched two claims cheques and the cheques were stuffed into the other plan members’ envelope. On January 22, 2020, the Organization received a telephone call from one plan member’s spouse stating that they received the wrong claim cheque inside their envelope. The Organization immediately contacted the other plan member and asked them to return the original document to the Organization.
P2021-ND-062

Employee Benefit Funds Administration Ltd.

In January 2019, documents including the information at issue were circulated to the Organization’s members through email and posted on its secure website. The incident was discovered on July 24, 2019 when one of the individuals notified the Organization that the information had been included in the documents. The Organization removed the information from the website and confirmed the emails that included the information at issue were deleted.
P2021-ND-061

Natural Gas Employees’ Association

On or around March 26, 2020, an employee of the Organization was notified by a third party about a suspicious email sent from the employee’s email account. The employee reported the suspicious activity to the Organization’s IT department. The Organization and a third party cybersecurity firm investigated the incident. The Organization believes that: (a) the employee’s email account was accessed by an unauthorized third party; (b) the period of potential unauthorized access to the employee’s …
P2021-ND-060

GroupHEALTH Family of Companies

On November 23, 2020, the Organization discovered its office was broken into and entered by an unknown thief. In order to preserve evidence nothing was touched around the desk area until November 24, 2020, at which time it was discovered that some session notes were missing.
P2021-ND-059

Marchand Psychological Services

On or around September 19, 2019, the Organization’s IT staff discovered that unauthorized spam messages containing malicious links that harvested credentials had been sent from the email account of one (1) of its employees. The incident took place between September 17, 2019 and September 19, 2019. The Organization took immediate steps to secure the affected account, engaged external legal counsel and a third-party cybersecurity firm to investigate the incident. The Organization’s investigation confirmed that a …
P2021-ND-058

PPI Management Inc.

Between June 25, 2019 and July 31, 2019, an employee of the Organization accessed and used personal information of a number of group retirement savings participants (only one resides in Alberta) for fraudulent transactions. The breach was discovered on July 29, 2019, when an irregular online transaction was blocked and reported. The Organization investigated, which led to the employee in question.
P2021-ND-057

Desjardins Financial Security

On June 14, 2019, the Organization learned from police that one of its employees exfiltrated client personal information over the course of at least 26 months. Police found files containing the personal information of 9.7 million active and inactive files of individuals during a police search in a fraud and identity theft case. As part of the employee’s responsibilities, the employee had access to personal information of banking members as well as credit cardholders and …
P2021-ND-056

Desjardins Group

The Organization reported “(Likely) a phishing attack that enabled a 3rd party access to set up an email forwarding rule.” The incident occurred between June 16, 2020 and July 8, 2020. The incident was discovered by a vendor on July 8, 2020. The Organization stopped the forwarding of email immediately. On July 14, 2020, the Organization also disabled the ability to forward email from any email Spud.ca account. The Organization reported that approximately 150 emails were …
P2021-ND-055

Sustainable Produce Urban Delivery, Inc.

On August 29, 2019, a staff member of the Organization went to pick up meals and discovered the meal bag wasn’t in the location it was left at. Six (6) meals were stolen and had clients’ name and address with them.
P2021-ND-054

Calgary Meals on Wheels

On September 1, 2019, the information at issue was mistakenly published on the Organization’s website as the profile photo for a dog. The same day, two members of the public notified the Organization about the error. The personal information was displayed for about an hour and 20 minutes before it was taken down by the Organization.
P2021-ND-053

Edmonton Humane Society

The Organization retains a third party service provider, TSGI Corporation (TSGI), to process and analyze tax credits. TSGI advised the Organization that a (now) former employee of TSGI improperly accessed and collected data, some of which contained confidential information about the Organization’s current and former employees. The breach occurred between January 28, 2019 and February 20, 2019. The Organization understands the breach was discovered by TSGI on or about February 25, 2019. The Organization had …
P2021-ND-052

AppCarouselDirect Inc.

The Organization operates a portal that enables businesses to access consumer credit files for the purposes of assisting them in adjudicating credit applications. On August 19, 2019, the Organization determined that the user credentials for one of its corporate customers had been compromised. The corporate customer confirmed to the Organization that its credentials were used without authorization to access consumer credit files. As a result, an unidentified intruder was able to provide sufficiently detailed and …
P2021-ND-051

Trans Union of Canada Inc.

On February 26, 2019, a service provider advised the Organization that a former employee of the service provider improperly accessed and collected some of the service provider’s data and uploaded it onto a remote server. On March 15, 2019, the service provider advised the Organization that personal information of the Organization’s current and former employees and related individuals was amongst the client data that was stolen from its computer network. The service provider determined that …
P2021-ND-050

Canbriam Energy Inc.

LFconnect is a fitness app available from the Organization that tracks workout data. Data from the app’s crash reports were stored on a Google database. On April 24, 2018, the Organization received an email from a third party security firm advising that it had discovered a firebase database that contained crash reports for the LFconnect mobile application. The crash reports were for data between April 2016 and May 2017. The Organization reported that it has …
P2021-ND-049

Life Fitness, a division of Brunswick Corporation

On November 9, 2018, the Organization’s WordPress site was hacked. The breach was discovered on November 12, 2018 by staff attempting to access the website who were redirected to a malicious ad-rich site. The unauthorized users granted themselves administration accounts on November 10, 13 and 15, 2018. As such, they would have been able to see the personal information of individuals who paid for continuing education courses or employment ad space, and those who filled …
P2021-ND-048

Alberta College and Association of Opticians

On May 14, 2020, an employee of the Organization detected a possible phishing attack and investigated. The Organization discovered that an employee’s smartphone SIM card had been ported to a new carrier by unknown external actor(s) who used the SIM to access the employee’s Google account, and then the Organization’s systems through Google’s single sign-on interface, and to download a database of customer information. The accounts of at least 11 customers were accessed and the …
P2021-ND-047

BlockFi, Inc.

On April 3, 2020, an employee was conversing by email with a customer but inadvertently used the ongoing email thread in an email to a different customer. The employee who made the error reported it to a supervisor. The customer who received the information in error was contacted and agreed to delete the email. The breach was discovered on April 4, 2020.
P2021-ND-046

Rifco National Auto Finance

Sometime in March/April 2020, the Organization’s storage locker was broken into. The incident was discovered on August 28, 2020 when police notified the Organization that employee files had been discovered during an operation on June 19, 2020. When the Organization went to the storage locker, it discovered a box of employee files was missing. On September 16, 2020, the Calgary Police Service returned the box of files to the Organization.
P2021-ND-045

RedBloom Salons

On July 16, 2020, the Organization was notified of a security incident by Blackbaud, a third-party provider of cloud computing services for educational institutions and other not-for-profit organizations. The Organization uses Blackbaud’s customer relationship management (CRM) platform to support its data for alum, parents, students and broader community. Blackbaud informed the Organization that its database backup had been affected by a security incident, which began in February 2020, but that they discovered in May 2020. …
P2021-ND-044

The Country Day School

On November 5, 2020, an unauthorized third party gained access to the Organization’s business servers located in St Louis (USA). On November 12, 2020, the Organization’s IT team noticed anomalies and investigated. On November 13, 2020, the Organization found suspicious software running on an internal system. The system was also seen to be generating outbound traffic to an unknown IP address. The Organization reported that human resource related identity information might have been targeted and …
P2021-ND-043

Belden Canada ULC

On December 5, 2020, the Organization suffered a ransomware attack on its computer network. A high percentage of the Organization’s information technology infrastructure was infected, with several servers and endpoints encrypted. A malicious external actor committed the cybersecurity breach. The Organization reported that it did not find any evidence of misuse of personal employee information; however, it did find evidence that personal employee information was exfiltrated from its network and posted to the threat actor’s data …
P2021-ND-042

CDN Controls Ltd.

On May 28, 2020, the Organization discovered that an unauthorized script was placed on the checkout page of its website. The script potentially allowed for the capture of information submitted by customers if the customer was using the credit card payment function and the “place your order” button was selected. The Organization reported that the unauthorized script was likely placed on its website on or about May 10, 2020.
P2021-ND-041

Kroto Inc., dba iCanvas

On or about July 1, 2020, an email phishing attack was carried out against a former employee who was working for the Organization in a consulting capacity. As a result of the attack, a threat actor gained unauthorized access to the Organization’s network(s). On or about July 31, 2020, the threat actor gained access to the Organization’s servers and domain controller. The incident was discovered on August 9, 2020 when IT staff found malicious text …
P2021-ND-040

Brookfield Residential Properties Inc.

On January 27, 2020, insurance policy contracts were placed into incorrect courier packages. Subsequently, the documents were delivered to unintended recipients. The breach was discovered 10 days later on February 6, 2020 when the intended recipients contacted the Organization asking where the contracts were. The Organization is unable to confirm if the documents have been returned or destroyed.
P2021-ND-039

ivari

On June 11, 2020, the Organization was contacted by a security researcher who claimed the Organization’s e-commerce site had been compromised. The Organization investigated and identified and removed unauthorized code from its ecommerce site on Friday, June 12, 2020. The code was capable of obtaining information entered by customers during the online checkout process and sending it out of the Organization’s system. Purchases made in the Organization’s retail store locations were not involved. The Organization reported …
P2021-ND-038

Claire’s Store Inc.

The Organization was switching its in-house accounting/bookkeeping products and needed to migrate data to the new platform. The Organization engaged an individual to provide technical support, believing the individual was associated with the accounting software company. The individual was granted remote computer access and uploaded an accounting file containing the information at issue. The individual was also given the account number for the online bookkeeping account, but was not given the password. Immediately after the …
P2021-ND-037

Leduc Mechanical Industries Inc.

On February 28, 2020, an insurance advisor’s vehicle was broken into. A briefcase containing two laptops and client paper files was stolen. The incident was discovered and reported to local police authorities on the same day. It is reported that one of the laptops was not password protected, and neither device was confirmed to be encrypted.
P2021-ND-036

ivari

The Organization participates in a joint venture with another organization, MegaSys Enterprises Ltd. (MegaSys), that is responsible for the integrity of the computer network. On May 11, 2020, ransomware encryption was triggered and the perpetrator indicated that personal files have been downloaded although the Organization cannot confirm this. All of the Organization’s Windows based PCs connected to the domain server were attacked by the ransomware. The breach was discovered initially by an external customer who …
P2021-ND-035

Worth Ventures Ltd.

On or around May 31, 2019, a customer brought a computer to the Organization’s Grand Prairie store to be sent to the manufacturer for repair. The computer was repaired and returned to the store by courier on or around June 12, 2019; however, it was lost while in transit. The breach was discovered on July 24, 2019.
P2021-ND-034

Best Buy Canada Ltd.

On March 6, 2020, a case containing a laptop and paper records was stolen during a vehicle break-in. Law enforcement was notified on the same day. The following day, some of the paper records were found nearby and recovered.
P2021-ND-033

Michael Neeland

On December 12, 2020, one of the Organization’s staff members was the victim of a carjacking. At the time, the staff member was transporting documents and a non-encrypted USB drive to the Organization’s office. No personal information was stored on the USB device. On January 13, 2021, the vehicle was found in Kelowna B.C.; however, the vehicle’s contents were not recovered.
P2021-ND-032

Southgate Medallion Family Day Homes Ltd.

On June 15, 2020, the Organization couriered a contract to an advisor’s home address for subsequent delivery to a client. The courier buzzed to get in to the advisor’s building and an individual gave the courier access, saying they would provide the package to the advisor; however, this did not happen. On June 23, 2020, the advisor reported to the Organization that she had not received the package. An investigation was conducted; however, all efforts …
P2021-ND-031

Raymond James Financial Planning Ltd.

On or around September 13/14, 2020, an emergency bag containing first-aid and emergency supplies, as well as the emergency information cards of 11 children in care, was stolen from an employee’s vehicle. The breach was first discovered by the employee on September 14, 2020. The employee reported the incident to the Organization on September 15, 2020.
P2021-ND-030

Young Men’s Christian Association of Edmonton (YMCA of Northern Alberta)

On August 12, 2019, an Excel spreadsheet containing certain personal information was inadvertently emailed to the Organization’s internal sales representatives distribution list. The list included mainly internal Organization email addresses; however, there were some external email addresses (for individuals within the Organization’s sales network). The breach was discovered on August 13, 2019 by the employee who sent the email. On August 13, 2019, an email was sent to those on the original distribution list advising …
P2021-ND-029

DIRTT Environmental Solutions Ltd.

On December 30, 2020, the Organization was the victim of a phishing attack when a staff member opened an email attachment that contained malware. The breach was discovered on January 4, 2021 when unusual emails were detected by the Organization’s email filtering system. The Organization investigated and found that the perpetrators could have gained access to personal information.
P2021-ND-028

Herbers Autobody Repair Inc.

On October 1, 2019, the Organization discovered that a staff member’s email account was compromised and messages received by this email account had been forwarded externally. The Organization said that only incoming emails were affected by the email-forwarding rule. The breach occurred on or about September 17, 2019 to October 29, 2019. The Organization reported that the documents involved did not include completed mortgage documentation and the information involved is publicly available through the land titles …
P2021-ND-027

Barr Picard Law

On March 27, 2020, the Organization learned that its computer system was impacted by a ransomware event that encrypted certain files. Some files were copied from the system in connection with the attack. On or about June 10, 2020, the Organization determined that a limited number of documents that may have been copied contained some personal information. The Organization reviewed the contents of all files that may have been acquired. As the Organization could not …
P2021-ND-026

Frederick W. Howarth III d/b/a TBG West Insurance Services

On or about May 27, 2020, the Organization began investigating a report from a customer of an unusual payment card charge. The investigation determined that the Organization was the victim of a sophisticated cyberattack that may have resulted in a compromise to some of its customers’ credit and debit cards used to make purchases on its website, www.yogafit.com, between April 11, 2020 and May 27, 2020.
P2021-ND-025

YogaFit Training Systems Worldwide, Inc.

The Organization maintains an online store (www.apwa.net/store/), through which members can pay dues, purchase merchandise and educational resources, and register for events. On or about May 8, 2020, the Organization was notified about a potential scripting issue within the software that supports its cloud-based association management software. On or about May 15, 2020, the Organization was notified that the issue was a vulnerability that presented a security risk because it could facilitate a “man in …
P2021-ND-024

American Public Works Association

On June 12, 2020, the Organization became aware it was the victim of a cybersecurity attack. An unauthorized third party deployed ransomware in an attempt to encrypt the Organization’s technology infrastructure. Some of the Organization’s employees experienced complications with email, however, there were no interruptions to its business operations. On July 1, 2020, the Organization discovered that the unauthorized third party had in fact gained access to and exfiltrated the personal information of employees and …
P2021-ND-023

Pivot Technology Solutions Inc.

On June 25, 2020, the Organization discovered that between August 31, 2019 and November 10, 2019, an unauthorized person accessed certain of the Organization’s employees’ email accounts at various times. The Organization was not able to determine which emails and attachments, if any, were accessed by the unauthorized person, but conducted a comprehensive review of the contents of the email accounts. To date, the Organization has no evidence of any misuse of the information as …
P2021-ND-022

Mitten Building Products

The Organization uses a third party provider’s customer relationship management (CRM) platform to support its data for alumni, parents, students and the broader community. On July 16, 2020, the third party provider (Blackbaud) informed the Organization that its database backup had been affected by a ransomware incident, which began in February 2020, but was discovered in May 2020. According to Blackbaud, after discovering the attack, it successfully prevented the cybercriminal from blocking system access and …
P2021-ND-021

Branksome Hall

In the early morning of September 26, 2019, the Organization’s offices were broken into. The perpetrator(s) went through numerous filing cabinets and desks, including paperwork with credit card information; however, no paperwork was missing. The motion sensor alarm was triggered and the police, the security company, and the facility Maintenance Manager, who had discovered the unauthorized person on camera, attended the facility and saw papers disturbed and strewn about the floor.
P2021-ND-020

Edmonton Soccer Association Facilities

The Organization learned that an unauthorized individual gained access to personal information in certain of its online accounts from approximately April 28, 2020 to May 13, 2020. The Organization believes that the individual capitalized on a breach of another company’s system where the customer may have used the same login information.
P2021-ND-019

Victoria’s Secret Store Brand Management, LLC

The Organization has a job profile builder that members can use to create a job profile. Between June 2018 and June 2019, job seekers could either request that a PDF of their job profile be sent by email to themselves or to a potential employer. This is done using a link sent to the job seeker or the potential employer from which a PDF can be downloaded. During the process for sending the email, the …
P2021-ND-018

Christian Labour Association of Canada

On September 5, 2019, the Organization discovered a former employee’s email account had been accessed without authorization. The breach was discovered when an employee from Scotiabank (Edson Branch) brought over paperwork to be signed, authorizing the transfer of funds to an unknown account to pay an overdue invoice. The bank had received the request to transfer the funds from the former employee’s email account with the Organization.
P2021-ND-017

Edson Medical Centre

The Organization provides salary compensation information to its service provider, Korn Ferry, on an annual basis. On June 26, 2020, Korn Ferry learned, through a blog post by a security researcher, that an Amazon Web Services S3 Server (AWS S3 Server) contained data submitted to Korn Ferry by the Organization related to 2018 salaries. The data was inadvertently made publicly available on the AWS S3 Server on July 24, 2019 and was removed on June …
P2021-ND-016

JTI-Macdonald Corporation

On June 28, 2019, an administrative error caused an investment update document to be inadvertently mailed to out of date addresses. The addresses were former employment addresses for now retired clients. The breach was discovered on July 2, 2019 when an unintended recipient reported opening and subsequently shredding the mailing.
P2021-ND-015

Richardson GMP Ltd.

On August 22, 2019, the Organization’s Board meeting was audiotaped, including the “in camera” session where two employees’ employment status (disciplinary review, medical leave) were discussed in detail. On September 10, 2019, an anonymous email was sent to twenty-plus (20+) club members (parents) containing extensive verbatim quotes made by Board Members at the August 22, 2019 meeting. The Organization reported that it is not clear who was involved and the exact details of the creation …
P2021-ND-014

Salta Gymnastics Club

On September 23, 2019, the Organization sent reminder notices on overdue continuing professional development submissions. The full list of member names, emails and member IDs of the 77 members receiving the notice were inadvertently included in the email. The breach was discovered the same day.
P2021-ND-013

Association of Professional Engineers and Geoscientists of Alberta

On July 15, 2019, the Organization mailed Financial Investment renewal notices to 2,118 members. Page 1 of the notice was addressed to and received by the correct individual; however, page 2 of the notice contained investment information for another member. The incident resulted from an error on the part of a third party vendor used by the Organization for printing and mailing. The error was discovered on July 18, 2019 when a member contacted the …
P2021-ND-012

Connect First Credit Union Ltd.

On September 19, 2020, a criminal organization attempted to access the Organization’s systems. The Organization became aware of the attack on or about October 5, 2020, when certain systems started to encrypt, affecting the Organization’s operations. On October 16, 2020, the Organization paid a ransom and in return received delete logs, which provide evidence that all exfiltrated files (including all files containing personal information) have been securely deleted.
P2021-ND-011

Olymel LLP

On September 19, 2020, a criminal organization attempted to access the Organization’s systems. The Organization became aware of the attack on or about October 5, 2020, when certain systems started to encrypt, affecting the Organization’s operations. On October 16, 2020, the Organization paid a ransom and in return received delete logs, which provide evidence that all exfiltrated files (including all files containing personal information) have been securely deleted.
P2021-ND-010

Best Buy Canada Ltd.

On or around January 27, 2020, one of the Organization’s Geek Squad Agents filled out a site survey form at a customer’s home to summarize the service performed and to provide additional information about the site conditions. The booklet containing the form was subsequently misplaced.
P2021-ND-009

Aurora Cannabis Enterprises Inc.

Between December 24 and December 26, 2020, the Organization was subject to a cyberattack involving unauthorized access to their SharePoint environment. The incident was discovered on December 25, 2020, when the threat actor contacted the Organization, claiming to have hacked into the Organization’s system. Upon investigating, the Organization found that the incident resulted from use of credentials that a third party service provider included in an email. The Organization uses a third party service provider …
P2021-ND-008

Servus Credit Union Ltd.

An error in the printing and folding of tax receipts resulted in social insurance numbers being visible in the address window of mail sent to individuals on February 10, 2020. The Organization was notified by a recipient on February 16, 2020. On February 19, 2021, the Organization determined that 262 notification letters were not delivered as expected in February or March of 2020. It was indicated that the error was due to miscommunication and remote …
P2021-ND-007

ATB Financial

On February 6, 2020, an employee’s backpack was stolen as the result of a vehicle break-in. The backpack contained an encrypted laptop, tablet, and paper documents. The breach was discovered the same day. At the time of the incident, the laptop was powered on and locked; the tablet was powered off. Access to the Organization’s resources was revoked the same day for both devices. On February 12, 2020, the backpack was returned to the employee’s …
P2021-ND-006

Don Wheaton Chevrolet GMC Buick Cadillac Ltd.

On December 23, 2020, the Organization’s service desk received and opened an email that activated malware. A single computer and single email address were infected. On December 28, 2020, unusual activity in the email account led to an investigation by IT and cyber security personnel. The virus was discovered and removed immediately. The effect of the virus was not apparent at that time. On January 5, 2021, a customer (insurance company) reported receiving two …
P2021-ND-005

Ridley College School

The Organization uses a third-party service provider, Blackbaud, who provides a CRM platform to manage information related to donors, students and alumni. On July 16, 2020, the Organization was advised by Blackbaud that cybercriminals accessed their system by using the credentials of a customer who was using Blackbaud’s self-hosted environment, and attempted a ransomware attack. The cybercriminal was able to bypass standard anti-virus controls, before detection. Blackbaud says that it successfully prevented the cybercriminal from …
P2021-ND-004

London Life Insurance Company

On June 25, 2019, an insurance contract containing client personal information was sent from the Organization’s head office in Ontario to an advisor’s office in Alberta. The contract was sent via secure mail through the Organization’s internal mail service but tracking information was not retained and the contract did not arrive at its destination. The incident was discovered on July 9, 2019, when the advisor confirmed that the contract had not arrived at the advisor’s …
P2021-ND-003

AltaSteel, Inc.

On November 18, 2020, two employees reported to IT that they were receiving bounce back emails indicating “Your organization does not allow external forwarding”. On November 20, 2020, the Organization’s investigation confirmed that 5 employee email accounts were set up with rules forwarding emails to an external email address. Of these 5, three (3) did not appear to be set up by individuals and were forwarded to external unknown email addresses (@gmail.com). The Organization reported …
P2021-ND-002

Deluxe Small Business Sales Inc., operating as MAC Highway

The Organization manages customer accounts through an administrative portal that is owned and managed by a third party, Endurance International Group, Inc., and operated as www.resellerclub.com. On December 2 and December 17, 2020, authorized employees were unable to log in to the administration portal; on each occasion the passwords were reset. On December 21, 2020, the Organization investigated and found the password to the portal had been compromised and an unauthorized individual had access to …
P2021-ND-001

Custom Electric Ltd.

On December 22, 2020, a payroll administrator sent an email attaching employee payroll earning statements to the operations manager and the president for review ahead of submission to the bank for bi-weekly payroll. Earlier that day, the operations manager had received a phishing email; the sender represented themselves as the Organization’s president. As a result, when the payroll administrator sent the email to the operations manager and the president, the cache in her inbox attached …
P2020-ND-201

Pacific Oaks College

In May 2020, the Organization’s third party vendor, Blackbaud, advised the Organization that it had experienced a ransomware attack on its systems, including its Raiser’s Edge software product used by the Organization to manage alumni and donor information. Blackbaud reported that it discovered and stopped a ransomware attack. Blackbaud successfully prevented the cybercriminal from blocking its system access and fully encrypting files, and ultimately expelled them from its system. However, the cybercriminal removed a copy …
P2020-ND-200

The Chicago School of Professional Psychology

In May 2020, the Organization’s third party vendor, Blackbaud, advised the Organization that it had experienced a ransomware attack on its systems, including its Raiser’s Edge software product used by the Organization to manage alumni and donor information. Blackbaud reported that it discovered and stopped a ransomware attack. Blackbaud successfully prevented the cybercriminal from blocking its system access and fully encrypting files, and ultimately expelled them from its system. However, the cybercriminal removed a copy …
P2020-ND-199

Luxury Hotels International of Canada ULC, a wholly owned, indirect subsidiary of Marriott International, Inc.

On February 26, 2020, the Organization discovered a higher than normal amount of lookup activity on its guest reservation application associated with login credentials of two employees of a franchisee property in Russia. The change in volume associated with one set of credentials started on January 11, 2020, and the other on January 14, 2020. On June 29, 2020, the Organization reported it had identified a small amount of prior unauthorized lookup activity between September …
P2020-ND-198

Heart and Stroke Foundation

The Organization manages personal information related to volunteer and donor relations, communications and for historical record keeping through its service provider, Blackbaud. On July 16, 2020, Blackbaud advised the Organization that cybercriminals accessed Blackbaud’s system by using the credentials of a customer who was using Blackbaud’s self-hosted environment, and attempted a ransomware attack. Blackbaud advised that it was able to successfully prevent the cybercriminal from fully blocking system access and fully encrypting files, and was …
P2020-ND-197

Food Banks Canada

On July 16, 2020, the Organization was notified by its third-party fundraising software provider, Blackbaud, that Blackbaud had experienced a ransomware attack. The cybercriminal was prevented from blocking Blackbaud’s system access and fully encrypting files; however, prior to locking the cybercriminal out, a copy of a backup file was removed from the Blackbaud system. The breach occurred between February 7, 2020 and May 20, 2020. Blackbaud paid the ransom demand after receiving confirmation that the …
P2020-ND-196

NAFSA: Association of International Educators

The Organization discovered that an unauthorized third party may have gained access to customer information entered into form fields on its online store (https://shop.nafsa.org/) checkout page between April 8, 2020 and May 15, 2020.
P2020-ND-195

Canadian Bible Society

On July 16, 2020, the Organization received notice from Blackbaud, a third-party service provider, that Blackbaud had experienced a ransomware attack. The Organization reported that, according to Blackbaud, the attack was discovered on May 14, 2020. The incident affected Blackbaud’s back-ups, and not live operational data. Donor information resident on the back-ups from the period of February 7, 2020 to May 20, 2020 was impacted. Blackbaud paid a ransom in return for the assurance the …
P2020-ND-194

St. Marys Healthcare Foundation

The Organization uses a third-party service provider, Blackbaud, to manage its donor and organization data, and to communicate with various members of its community. On July 16, 2020, the Organization received a notice from Blackbaud reporting that it had discovered and stopped a ransomware attack. However, prior to locking the cybercriminal out, the cybercriminal took a copy of the Organization’s backup file, which contained certain individuals’ personal information. This occurred at some point beginning on …
P2020-ND-193

car2go NA, LLC and car2go Canada Ltd. dba as SHARE NOW

On or about May 20, 2020, an unauthorized third party(ies) used North American IP addresses to perpetrate a “brute force” attack against the Organization’s online customer account system. The attacker made repeated trial-and-error attempts to log into the Organization’s online customer accounts using email addresses combined with hundreds or possibly thousands of passwords. Some of the email addresses used by the attacker belong to the Organization’s customers and former customers but other email addresses do …
P2020-ND-192

Kohl Children’s Museum of Greater Chicago

On July 16, 2020, the Organization received notice that its third-party cloud computing provider, Blackbaud, had been the target of a ransomware attack in May 2020. The Organization reported that Blackbaud reported that data was exfiltrated by the unknown actor at some point before Blackbaud locked the unknown actor out of the environment on May 20, 2020. On or about August 5, 2020, the Organization received further information from Blackbaud that allowed it to confirm …
P2020-ND-191

Save the Children Federation, Inc.

On July 16, 2020, the Organization received notice that its third-party service provider, Blackbaud, had been the target of a ransomware attack. The Organization reported: We understand from Blackbaud that the incident began in February, when the hacker gained access to Blackbaud’s system, and continued until May 2020, when Blackbaud discovered the hacker was attempting to carry out a ransomware attack. … Unfortunately, the hacker was able to make a copy of some data on …
P2020-ND-190

ADRA International (Adventist Development & Relief Agency)

In July 2020, the Organization received notice from its third party service provider, Blackbaud, that Blackbaud had discovered a cyberattack on one of its systems that houses donor information. The Organization reported that the breach was “discovered in May 2020” and “…may have included personal data for some of our … supporters”. The Organization reported that “A detailed explanation of the incident is available on Blackbaud’s website at: blackbaud.com/securityincident.” This website describes a ransomware attack, …
P2020-ND-189

Audio Visual Services Group, LLC d/b/a PSAV

On or about January 15, 2020, the Organization learned that an unauthorized party had gained remote access to certain employees’ business email mailboxes. The unauthorized activity was part of an apparent attempt to use email accounts to re-route wire transfer payments from vendors to bank accounts under the control of the unauthorized party. The Organization’s investigation found the unauthorized access began on or before October 22, 2019 and ended on or about February 5, 2020.
P2020-ND-188

Leibel Insurance Group

The Organization’s service provider, Trufla Technology Ltd., provides access to a cloud based lead management platform and a cloud based customer service platform. On November 10, 2020, the service provider was working on a new feature, and created a separate database on a separate hosting account using sample data copied from transactions relating to the Organization. On November 11, 2020, the service provider found that the information had been taken by an unauthorized individual who …
P2020-ND-187

KandyPens, Inc.

In January 2020, the Organization became aware of suspicious activity associated with the online payment process for its e-commerce platform. An investigation determined that an unauthorized user gained access to the Organization’s online payment platform and credit and debit card information entered between March 7, 2019 and February 13, 2020 may have been compromised.
P2020-ND-186

SimpleTax Software Inc.

On July 2, 2020, the Organization became aware of a credential stuffing incident involving attempts to access data from certain user accounts. The Organization reported that it appears an unauthorized individual(s) was able to log in to user accounts between June 28 and July 2, 2020, using valid usernames and passwords. The Organization’s investigation indicates that the credentials were not obtained from its systems, but rather from another site or app where the user used …
P2020-ND-185

SalonBiz

On May 29, 2020, the Organization detected unusual activity within an employee’s email account. The Organization secured the account and launched an investigation. An independent forensics firm determined that one employee email account was accessed without authorization. On August 7, 2020, the Organization learned the email account contained personal information which may have been accessed by an unauthorized actor.
P2020-ND-184

Rifco National Auto Finance Corporation

On March 11, 2020, an employee of the Organization was corresponding with a customer by email and inadvertently used an email string that contained another customer’s personal information. On March 13, 2020, the customer who received the information in error alerted the Organization and provided a copy of the email she had received.
P2020-ND-183

The Co-Operators Group Limited

On June 26, 2020, the Organization was compiling information in response to a client’s request for a copy of her file. While processing the request, the Claims Team noticed that the client’s profile had been accessed on June 12, 2020. The access was flagged because the employee who accessed the client’s profile works in a department that would not have been required to be in the claim because of the stage the claim was at. …
P2020-ND-182

Hull Services

The Organization reported it uses an external database called Blackbaud Raiser’s Edge NXT to store information related to its donors and volunteers. On July 16, 2020, Blackbaud informed the Organization that, in May 2020, it discovered and stopped a ransomware attack. The back up copy of the Organization’s Raiser’s Edge NXT and NetCommunity files were involved in the attack. Blackbaud advised it had successfully prevented the cybercriminal from blocking its system and fully encrypting the …
P2020-ND-181

AccSys, LLC d/b/a/ Restaurant Magic

Around March 10, 2020, the Organization was alerted to suspicious activity within four (4) email accounts belonging to email users of the Organization. The Organization determined that email accounts were accessed without authorization between March 4, 2020 and March 10, 2020; only one (1) of the email accounts was accessed for the entire time.
P2020-ND-180

ENMAX Corporation

On March 29, 2020, the Organization was the target of a malicious spear phishing campaign. Fifteen (15) email addresses of current employees and three (3) inactive email addresses of previous employees were targeted. Of the eighteen (18) targeted recipients, four (4) emails evaded the Organization’s spam filter. One (1) employee clicked on the link embedded in the email, which allowed the attacker to access the employee’s email profile. The unauthorized access resulted in a number …
P2020-ND-179

GAIN Capital-Forex.com Canada, Ltd.

The Organization is a subsidiary of GAIN Capital Holdings Inc.; the latter provides data processing and hosting services to the Organization. On April 14, 2020, an external threat actor gained access to the service provider’s network and created user accounts with administrative privileges. This enabled the threat actor to access servers which include customer personal information. The threat actor ran several queries against client databases, and also extracted a zip file that may contain some …
P2020-ND-178

Sabina Gold & Silver Corp.

On or about March 28/29, 2020, an unknown individual accessed an employee’s e-mail inbox. The attacker set up an auto-forwarding rule which caused certain emails containing personal information of a group of employees and contractors to be forwarded to an external Gmail account. The Organization determined the attacker had somehow obtained the employee’s credentials (password) and accessed the account through a legacy protocol. The Organization’s investigation did not conclusively find evidence regarding how the credentials …
P2020-ND-177

Sun Life Assurance Company of Canada

On August 19, 2020, the Organization sent a claim status letter to the individual’s employer benefits general email account. The individual works with the team that administers benefits for their employer; as such, their personal information was potentially disclosed to colleagues. Eight days later, on August 27, 2020, the employer discovered the email, deleted the message, and informed the Organization.
P2020-ND-176

ENMAX Corporation

On May 4, 2020, an employee was subject to a targeted phishing attack. A malicious email directed the user to a webpage where they were prompted to enter their login credentials. The attackers were able to use the credentials to access the employee’s email account containing the information at issue. The breach was discovered and contained 2 days later on May 6, 2020 by the Organization’s IT Security team. The Organization was unable to confirm …
P2020-ND-175

Mattress Insider LLC

An unauthorized entity added malicious script to the Organization’s payment gateway at mattressinsider.com. The script potentially sent payment card data to an unauthorized third-party website. The breach was discovered on May 14, 2020 when the Organization was notified by its credit card acquirer, WorldPay, about fraudulent charges on cardholders’ credit card accounts. The Organization’s investigation determined that the personal information may have been compromised between January 11, 2020 through May 14, 2020.
P2020-ND-174

Connect First Credit Union Ltd.

On May 4, 2020, an employee was conversing with 2 separate individuals on 2 separate loan applications. An email was subsequently sent to one of the individuals with an attachment containing a completed statement of affairs for another individual. The incident was discovered the same day when the email recipient reported the error to the Organization.
P2020-ND-173

Shady Hill School

On July 16, 2020, the Organization received notice that its third-party service provider, Blackbaud, had been the target of a ransomware attack. The Organization reported: Blackbaud ransomware occurred from 2/20/2020 to 5/20/2020 where cyber criminals had access to personal information. Blackbaud with the help of the FBI paid the ransom and ensured all exfiltrated information was destroyed.
P2020-ND-172

Olson Curling Inc.

The Organization uses a third party service provider for document shredding and destruction services. On April 24, 2020, thieves broke into and stole the service provider’s truck, which contained the Organization’s files. The truck was recovered the same day. Some of the material that was in the truck was discarded and found in an alley in a new construction area not far from where the truck was stolen. Material was recovered from that location and …
P2020-ND-171

Ambrose University

On July 16, 2020, the Organization received an email from its cloud hosting service provider, Blackbaud Inc., reporting a remote attack on Blackbaud’s servers that was discovered on May 14, 2020. Blackbaud advised the Organization that it prevented the cybercriminals from gaining full access to its systems, but the attackers did remove a copy of a subset of data, including the information at issue.
P2020-ND-170

MEM Psychological Services Inc.

On March 16, 2020, the Organization sent an email to clients informing them how to access virtual services. The email was sent to 41 clients without blind copying client names and email addresses. A second email containing a consent form for virtual services was then sent to 11 clients without blind copying client names and email addresses. The incident was discovered the same day, when a client forwarded one of the emails to a Psychologist, …
P2020-ND-169

1883865 Alberta Ltd. / Knoxville’s Tavern

On February 28, 2020, due to a technical error, the Organization emailed employee T4s to incorrect recipients (past and / or present employees). The incident was discovered the same day when an employee reported receiving the wrong person’s T4. At the time of the report, the Organization did not confirm whether all recipients of the erroneously delivered T4s permanently deleted the record, as requested in the Organization’s notification emails.
P2020-ND-168

ivari

On March 1, 2020, a password protected laptop, and a bag containing client files, were stolen from a locked vehicle (break-in). Local police authorities were informed on the same day.
P2020-ND-167

Boardwalk Rental Communities

On May 18, 2020, an unknown individual entered the leasing office at the Organization’s Viking Arms location. A number of items were stolen including documents, a cellphone, a debit card machine, log book, a note book and a Sonim.
P2020-ND-166

Minted LLC

The Organization became aware of a report that mentioned it as one of ten companies impacted by a potential cybersecurity incident. On May 15, 2020, the Organization discovered that on May 6, 2020, an unauthorized actor gained access and obtained information from the Organization’s user account database.
P2020-ND-165

LiveAuctioneers, LCC

On June 19, 2020, one of the Organization’s technology service providers was subject to a cyber attack. The attackers gained access to several of the Organization’s environments, including Github and Amazon Web Services (AWS). The attackers obtained internal user credentials which were used to access and download a database containing the information at issue. On July 2, 2020, the Organization was notified by its service provider that the systems had been compromised. On July 11, …
P2020-ND-164

Special Olympics Alberta Association

On December 27, 2019, a volunteer with the Organization noticed that someone had rifled through her car and trunk. In her trunk, there was a binder containing information about Lethbridge five-pin bowling athletes. The binder has not been recovered to date.
P2020-ND-163

ivari

A paramedical form that was completed in Alberta was received at the Organization’s Brampton, Ontario office, but the whereabouts of the form is not known. A courier package tracking slip confirms delivery to the Brampton office. The Organization reported the breach occurred on March 3, 2020. A service provider to the Organization advised the Organization of the situation on March 13, 2020.
P2020-ND-162

World Financial Group Insurance Agency of Canada Inc.

On March 1, 2020, a vehicle belonging to an employee of the Organization was broken into. A password protected laptop containing client information and a locked bag of client files were stolen from the vehicle. Law enforcement was notified on the same day, followed by notification to the Organization’s privacy personnel on March 6, 2020.
P2020-ND-161

LUS Brands Inc.

The Organization uses a service provider, Klaviyo Inc., to help deploy email to the Organization’s clients. On March 5, 2020, the Organization was made aware that Klaviyo suffered a security breach incident, which occurred between November 13-29, 2019. An unauthorized third party was able to manipulate parameters associated with URLs for Klaviyo’s “unsubscribe” and “update subscription” functions. This resulted in a successful auto-population of fields within these forms with personal information the unauthorized third party …
P2020-ND-160

Hyde’s Distrubtion

On April 21, 2020, the Organization discovered that purchase orders made through the website www.zippo.ca using credit cards might have been at risk of compromise due to the actions of an unknown external third party. The Organization was made aware that malware known as a web skimmer script was used on the website to steal personal and payment information. The unauthorized actor had access to the Organization’s network between February 20, 2020 until April 23, …
P2020-ND-159

Canadian Fertilizers Limited (a wholly owned subsidiary of CF Industries Holdings, Inc.)

On June 4, 2020, an unknown third party gained access to the Organization’s data through a remote access server. The Organization’s investigation found the third party gained unauthorized access through a brute force attack of a single account. Files from two servers were removed from the network and stored (although not published publicly) on an online cloud storage website. During the investigation, the files that had been stolen were deleted from the online cloud storage …
P2020-ND-158

You Can Trade Inc., a subsidiary of TradeStation Group Inc.

On May 28, 2020, the Organization discovered that customer personal data had been accessed by one or more unauthorized persons in February. The Organization discovered that two domains were hosting a replica of the Organization’s website; one in Iran, and the other in India. A recently hired developer made an unauthorized back up copy of the Organization’s database and website, and imported the data to an unauthorized server. The system was unprotected, with ports open …
P2020-ND-157

Ashbury College

On July 16, 2020, the Organization was notified by its software service provider, Blackbaud, that Blackbaud had experienced a remote attack on its servers. Blackbaud informed the Organization that it was able to expel the ransomware from its system but before it was removed, hackers were able to extract certain files that contained personal information of the Organization’s constituents. The Organization reported that it is not aware of how the ransomware entered the system or …
P2020-ND-156

Cognizant Technology Solutions Canada Inc.

On April 20, 2020, the Organization was the victim of a ransomware attack carried out by international cyber criminals. The Organization learned that the attackers staged and likely exfiltrated a limited amount of data from its systems. Based on its investigation, this activity occurred between April 9 and 11, 2020.
P2020-ND-155

Burgundy Asset Management Ltd.

On or about April 21, 2020, an employee of the Organization clicked on a phishing email and entered his log-in credentials for his work email account. Intermittently between April 21, 2020 and May 12, 2020, the credentials were used by an unauthorized party to log into the employee’s work email account via the Organization’s web-based access. On May 12, 2020, phishing emails that appeared to spoof the employee’s email address were sent to individuals whose …
P2020-ND-154

Goodman Mintz LLP

On June 12, 2020, an employee with the Organization turned on his computer and found that he could not access data files from the Organization’s server. The issue was caused by a malware infection known as “REvil”; the first evidence of malicious activity was on June 10, 2020. The attacker actor(s) demanded a ransom in exchange for the decryption key, and if the ransom was not paid, the files would remain encrypted, and any data …
P2020-ND-153

E.H. Wachs

The Organization discovered that, from February 15 to February 28, 2020, unauthorized individuals installed ransomware on certain of its servers. The Organization reported that although unauthorized individuals could have infiltrated the servers, it had no reason to believe that any personal information was viewed or accessed.
P2020-ND-152

Canadian Back Institute Operating Limited Partnership

An Ontario payroll administrator’s password was compromised, resulting in unauthorized access to a cloud-based employee payroll system. During the unauthorized access, banking information was changed for a subset of seven (7) employees (one (1) in Alberta). The breach occurred between approximately March 29, 2020 and April 15, 2020. The Organization learned of the breach on April 15, 2020 when an unauthorized change to banking information was discovered, and an investigation was commenced.
P2020-ND-151

Combat Network Inc.

Between approximately October 23, 2019 and October 30, 2019, the Organization was targeted by threat actors who gained unauthorized access to its network systems, and more particularly to some of its employees’ mailboxes. The breach was discovered on October 31, 2019 when the Organization was informed by the Canadian Security Intelligence Service (CSIS) and the Canadian Centre for Cyber Security (CCCS) of potentially malicious activity on its systems linked to a suspect IP address. During …
P2020-ND-150

Industrial Alliance Insurance and Financial Services Inc., on behalf of its wholly owned subsidiaries Industrial Alliance Securities Inc. and Investia Financial Services Inc.

On or around August 27, 2019, the Organization discovered that unauthorized spam messages containing malicious links had been sent internally from the email accounts of certain financial advisors. The Organization immediately investigated and confirmed that between August 26, 2019 and September 30, 2019, the email accounts of eighteen (18) advisors were compromised because of a phishing campaign, which led to these advisors divulging their user credentials to malicious websites. The Organization reported that there is …
P2020-ND-149

PCL Constructors Inc.

The Organization uses a third party vendor, PaperlessPay Corporation (PPC), to provide its employees with electronic access to tax slips and pay stubs in PPC’s database. On February 20, 2020, the Organization received a notification from PPC that an unknown party had issued an advertisement purporting to sell access to PPC’s database on the dark web. The Organization requested and confirmed that PPC removed all of the Organization’s data from the database. On March 20, …
P2020-ND-148

Arbonne International LLC

On April 20, 2020, the Organization discovered an unauthorized attempt to access its secure servers. The Organization contained the attack, neutralized the threat, and assessed the impact of the incident. The Organization determined the perpetrators accessed personal information on a single server, which contained personal information of its clients and independent consultants.
P2020-ND-147

Eastern Virginia Medical School

On January 28, 2020, the Organization became aware of suspicious activity associated with one of its email accounts. The Organization’s investigation determined that an unauthorized user had gained access to four email accounts for a limited period of time. The email accounts may have contained emails and documents containing employees’ personal information.
P2020-ND-146

Drillinginfo, Inc. (Enverus)

The Organization uses a service provider, ADP Canada, to manage its employees’ self-service accounts. On September 28, 2020, an employee of the Organization reported that he received a notification that a mobile number change was made to his ADP profile, and a time-off request was entered that he did not make. ADP Canada advised the Organization that a technical issue with a password recovery process enhancement may have led to another ADP client’s employee inadvertently …
P2020-ND-145

FitFabFun, Inc., a Delaware corporation

A third party installed malicious code on the shop extension of the Organization’s website, using an employee’s administrative credentials. The code was placed on the site on May 2, 2020 and was discovered on May 6, 2020, during a routine review of its website.
P2020-ND-144

Bath & Body Works Direct, Inc.

On December 2, 2019, the Organization learned that an unauthorized individual gained access to personal information in certain online accounts from approximately September 17, 2019 to November 23, 2019. The Organization believes that the individual capitalized on a breach of another company’s system where the customer may have used the same login information. The Organization later reported that “the unauthorized access also may have occurred until [the Organization] implemented additional safeguards on January 15, 2020.”
P2020-ND-143

Co-operators General Insurance Company and Co-operators Life Insurance Company

On November 18, 2019, the Organization was notified by a client that their credit card number had been used to make a fraudulent premium payment. The Organization investigated and found that the client’s credit card number was likely used by a former employee to fraudulently pay the premium on the former employee’s insurance policy. The former employee had previously held the role of insurance agent, but his employment had been terminated on July 19, 2018. …
P2020-ND-142

Bird Construction, Inc.

On December 2, 2019, files in a number of the Organization’s systems were encrypted by an unauthorized third party who demanded a ransom payment in exchange for the keys to decrypt the files and to destroy data that the unauthorized party claimed to have taken from the Organization’s systems. The Organization reported that it believes that the unauthorized third party gained access to its IT infrastructure on November 20, 2019. The Organization later confirmed that …
P2020-ND-141

Xpedient Logistics

The Organization experienced an email phishing incident involving unauthorized access to employee email accounts that contained personal information. The Organization’s investigation found that an unauthorized individual gained access to the email accounts between April 25, 2019 and May 14, 2019. The breach was discovered on November 27, 2019 when the Organization learned of irregularities with some of its payments to vendors and, upon examining some of the related email traffic, discovered that some of the …
P2020-ND-140

Law Society of Alberta

On March 18, 2020, the email account of an employee of the Organization was hacked and several hundred phishing emails were sent from the account to Organization staff and to approximately 700 external recipients. The email purported to send out documents from the employee and requested recipients enter their credentials. The Organization immediately discovered the incident and quarantined the employee’s laptop, reset the credentials, searched the system for the messages and deleted all internal messages …
P2020-ND-139

Servus Credit Union Ltd.

On December 13, 2018, a fraudulent impersonator with knowledge of personal information and credit card information was able to successfully update the contact information on the credit card account for a single individual.
P2020-ND-138

American Association of Nurse Anesthetists

The Organization was notified of a potential data incident due to an unauthorized individual gaining access to its ecommerce website and inserting a malicious script designed to capture payment card information entered into the checkout page. The malicious script may have affected information entered on the website between May 23, 2019 and October 3, 2019. The breach was discovered by the Organization’s website host on October 3, 2019.
P2020-ND-137

V.A. MacDonald Q.C., Barrister & Solicitor

On December 20, 2019, following the failure of a desktop computer, the Organization’s IT provider removed the hard drive to determine if any data was recoverable. While in the IT provider’s possession, the hard drive and other items were stolen from the provider’s vehicle. The IT provider reported the theft to the Organization on December 23, 2019.
P2020-ND-136

Alberta College and Association of Opticians

On January 30, 2020, an email was sent from a disused email account to an unknown number of people asking for a “favor” and for people to respond to the email. Most of the recipients are registrants of the Organization; some are vendors or other business contacts, some are staff members. The Organization’s IT technician quickly recovered the account and found that emails were being rerouted to a Hotmail account. The hacker(s) had access to …
P2020-ND-135

Connect Logistics Services Inc., and its affiliates, including DHL Global Forwarding (Canada) Inc., which are subsidiaries of Deutsche Post AG

On December 11, 2019 an intruder compromised an employee’s ADP (payroll system) account. The intrusion arose from a phishing attack. The intruder accessed the ADP system for over 3 hours from December 11-13, 2019. The intruder created fake employee profiles with real bank accounts in the United States. The ADP system flagged the US bank accounts on December 13, 2019. Upon flagging, ADP immediately shut down access to the system, isolated the fraudulent accounts and …
P2020-ND-134

ATB Financial

The Organization’s Edgerton agency was broken into overnight on December 27, 2019. The burglar(s) also broke into a locked credenza/filing cabinet and stole some personal information. The incident was discovered when the owner arrived at work.
P2020-ND-133

DBH Law

The Organization filed exempt market distribution forms for two subscribers on January 17, 2020 and January 27, 2020. The filings inadvertently included copies of the two subscription agreements which disclosed the information at issue. Alberta Securities Commission (ASC) staff noted the first breach and had the file marked private on January 21, 2020. The ASC notified the Organization on January 27, 2020. On January 28, 2020, the Organization reported the second incident to the ASC …
P2020-ND-132

CNOOC Petroleum North America ULC

On January 15, 2020, an employee of the Organization sent an email to a number of individuals summarizing a meeting held the previous day. The employee inadvertently attached a wrong document to the email, disclosing the information at issue. The incident was discovered by the subject of the email, who reported it to the sender, the sender’s supervisor, and human resources.
P2020-ND-131

Holt, Renfrew & Co. Ltd.

On April 9, 2020, the Organization’s IT department was notified about a phishing attack and potential password compromise. The Organization discovered that on April 8, 2020, a phishing email was sent to six employees from a legitimate email account associated with one of the Organization’s concession partners. The phishing email was designed to prompt email recipients to click a link to download several documents. The link in the email took users to a Microsoft OneNote …
P2020-ND-130

VersaCold Logistics Services

On May 12, 2019, a person or persons broke into the Organization’s office premises and stole eight laptop computers. The laptops were password protected. The incident was discovered on May 13, 2019 when employees arrived at work.
P2020-ND-129

The Brenda Strafford Foundation Ltd.

On October 24, 2019, an attachment containing the information at issue was sent out with employee pay stubs in error. The incident was discovered when one of the employees opened the attachment and immediately called the payroll clerk.
P2020-ND-128

Kalispell Regional Healthcare

In the summer of 2019, the Organization discovered that several employees were victims of an email that led them to unknowingly provide their login credentials to malicious criminals. On August 28, 2019, the Organization learned that some patients’ personal information may have been accessed without authorization. A deeper investigation determined that some personal information may have been accessed as early as May 24, 2019.
P2020-ND-127

StorageVault Canada Inc. dba Access Storage

On September 16, 2019, the Organization learned that it was the victim of a break and enter, which occurred on September 15, 2019 at its facility in Winnipeg, Manitoba. The perpetrators broke into a locked storage unit which contained the Organization’s records, including physical files with client personal information collected for the purposes of facilitating storage rentals and services. The Organization reported the break-in to police, who were able to apprehend one of the thieves …
P2020-ND-126

Wayside Technology Group, Inc.

On June 20, 2019, the Organization discovered unusual activity involving its email system which occurred between June 12 and June 13, 2019. On October 9, 2019, the Organization’s investigation revealed that personal information may have been accessed without authorization.
P2020-ND-125

Atria Senior Living

On October 24, 2019, the Organization identified suspicious activity related to certain employee email accounts. The Organization’s investigation of the email phishing incident showed that an unauthorized person first had access to an employee’s email account on September 18, 2019 and last had access on September 20, 2019. The investigation was unable to determine which specific emails or attachments, if any, were viewed by the unauthorized person.
P2020-ND-124

PFSL Investments (Canada) Ltd.

On November 25, 2019, an independent sales representative attended the home of the affected individuals who were looking to contribute to an existing RDSP account on a monthly basis. The representative had both affected individuals sign a Subsequent Contribution Form and provide a void cheque. After leaving the individuals’ home, the representative stopped at a grocery store. While unloading the groceries into her car, an unknown male drove by, reached out of the window of …
P2020-ND-123

OnePlus Technology (Shenzhen) Co., Ltd.

On November 13, 2019, the Organization received a monitoring alarm system warning, which showed abnormal behavior in its after-sales service API portal. The Organization investigated and discovered that between October 30 and November 13, 2019, an unauthorized individual registered for an account and used it to access the after-sales pickup and dropoff services IMEI lookup page. Through the lookup page, registered users may find order information using the IMEI number (i.e., the International Mobile Equipment …
P2020-ND-122

College and Association of Registered Nurses of Alberta

On March 12, 2019, the information at issue was mistakenly disclosed to a member having the same first name as another member. The Organization’s employee did not confirm the full name of the caller at the beginning of the discussion. The error was discovered during the employee’s conversation with the member.
P2020-ND-121

United Food and Commercial Workers Local 401

On June 7, 2019, a staff member’s laptop was stolen from his vehicle. He reported it missing on June 8, 2019. The laptop was a temporary replacement laptop and lacked the usual security protocols (full volume encryption) that are installed on laptops used by the Organization. The laptop was protected by a strong password. The Organization reported that no documents or personal information were locally stored on the device. Everything was accessed through email and …
P2020-ND-119

HSBC InvestDirect

Due to a system misconfiguration, the Organization inadvertently mailed a customer’s mutual fund confirmation slip and T4RIF to the wrong address. The errors occurred on January 23, 2019 and February 5, 2019. The error was discovered on March 13, 2019 when the customer contacted the Organization.
P2020-ND-118

Eye Buy Direct, Inc.

In June 2019, the Organization learned that a number of US consumers had reported fraudulent activity on their credit cards. The consumers had all made transactions on the Organization’s website, www.eyebuydirect.com. The Organization investigated and concluded its systems showed signs of intrusions; however, investigators were unable to confirm with certainty how or when the platform had been breached or whether any data had been accessed or taken. The Organization notified individuals who made purchases on …
P2020-ND-117

Raytheon Canada Limited

On March 13, 2020, the Organization was notified by a U.S. law enforcement agency of suspicious internet activity. The Organization confirmed an unauthorized party exploited a vulnerability in a third-party technology it uses for web application delivery control and accessed a server containing personal information between January 11, 2020 to on or about March 27, 2020. The Organization reported that it cannot conclusively determine whether any data was accessed or exfiltrated, but, out of an …
P2020-ND-116

NorthShore University HealthSystem

The Organization uses a third-party service provider, Blackbaud, who provides a platform to manage donor information. On July 22, 2020, the Organization received a notice from Blackbaud reporting that cybercriminals obtained access to information Blackbaud processed for the Organization. Blackbaud advised the Organization that it paid a financial demand in exchange for confirmation from the attackers that the extracted information was destroyed. The incident occurred between February 7 through May 20, 2020.
P2020-ND-115

Evangelical Fellowship of Canada

On July 16, 2020, the Organization received notice that its third-party service provider, Blackbaud, had been the target of a ransomware attack. The Organization reported: According to Blackbaud, the attack was discovered on the same day the incident occurred, May 14, 2020. The Cyber Security team, together with independent forensic experts and law enforcement, successfully prevented the bad-actor from blocking Blackbaud’s system access and fully encrypting the files. According to Blackbaud, ransom was paid in return …
P2020-ND-114

Kayden Industries LP

On July 18, 2020, unknown persons entered the Organization’s facility (warehouse and front office), rummaged through cabinets and desks, and removed items. The warehouse was previously damaged by fire on March 9, 2020. The Organization reported that it appeared some of its personnel files might have been compromised. The Organization notified its landlord and city police, who are currently investigating the incident.
P2020-ND-113

Apeetogosan (Metis) Development Inc.

On December 3, 2019, the Organization found its computer system was affected by a ransomware attack that caused its files to be encrypted. The attacker demanded a ransom. The Organization reported its computer system risk management process includes backup systems and data, so the majority of the system and data were not subject to the attack. The Organization did not pay the ransom. Due to the nature of the attack and the short time between …
P2020-ND-112

Employee Benefit Funds Administration Ltd.

On October 31, 2019, an employee with the Organization inadvertently switched two claims documents and mailed them to the wrong member. On November 12, 2019, the Organization received a call from one of the recipients reporting the error. The Organization contacted the recipients and requested they return the original documents to the Organization. Both plan members returned the documents.
P2020-ND-111

CNOOC Petroleum North America ULC

On July 10, 2019, an employee of the Organization had a conversation with two other individuals – a former employee and another employee – during which the first employee shared the information at issue in an unauthorized manner. On July 16, 2019, the second employee reported the incident to his manager, and the Organization began an investigation. The Organization discovered that the first employee had authorized access to a spreadsheet of aggregate, non-identifiable compensation data; …
P2020-ND-110

Rockyview Gas Co-op Ltd.

On July 9, 2019, the Organization prepared notices for customers with overdue accounts. When printing the notices, the Organization did not realise that the printer was set to double sided. This resulted in half of the customers’ arrears notices being printed on the reverse of another customer’s notice. The breach was discovered on July 15, 2019 when a customer brought the error to the Organization’s attention.
P2020-ND-109

CPA Western School of Business

An employee with the Organization clicked on a phishing email, which created a rule that auto-forwarded incoming email messages to an unknown third-party, moved the messages to a rarely-used Outlook folder in the employee’s Outlook, and deleted information from the sent folder without the staff member’s knowledge. The “hacked” emails sent to the employee’s work email account were from applicants responding to fabricated job postings that the hacker created after having opened a fraudulent account …
P2020-ND-108

Real Estate Council of Alberta

On June 20, 2019, an unknown individual gained unauthorized access to an employee email account through a phishing attack. The unknown individual set up an automatic forwarding rule such that all incoming emails were forwarded to a third party email address that appears to have originated from outside of Canada. The email address is unknown to the Organization. The Organization’s IT department determined that 1,180 emails were forwarded to the external email address between June …
P2020-ND-107

CAM LLP

On May 24, 2020, an employee with the Organization had her car stolen from her driveway. In her car, there was a briefcase with hard copies of client files. The client files have not been recovered to date.
P2020-ND-106

ZipRecruiter Inc.

The Organization provides a website, which enables job seekers to search for employment opportunities and client-users to source candidates by posting job openings on the website and/or by searching a CV/resume database. On December 13, 2019, the Organization was notified that a job seeker reported receiving an unsolicited email that appeared to come from a client-user account and requested she send her resume to a third party email address not associated with the client. The …
P2020-ND-105

Carnival Cruise Line a division of Carnival Corporation

The Organization engaged a vendor for certain web development, support and related services including the design and configuration of a job portal hosted on Amazon Web Services cloud computing infrastructure (AWS). On October 29, 2019, the vendor advised the Organization that an intruder had deleted two databases from the portal. The vendor determined that a legacy module not used but available in the codebase was the cause of the incident. The Organization does not have …
P2020-ND-104

Namaste Technologies, Inc.

On May 9, 2019, an employee of the Organization noticed unsolicited emails had been received at internal email addresses. The Organization investigated and found that between May 4-8, 2019, a series of emails were sent to approximately 10,000 subscribers by a third party email services provider used by the Organization. The emails did not originate from the Organization’s account with the email services provider but instead came from the account of an employee of the Organization. …
P2020-ND-103

College of Physicians and Surgeons of Alberta

On November 1, 2019, a Hearing Tribunal decision was published to the Organization’s website in violation of a publication ban. The decision included the information at issue. The information was also released to the media. The breach was discovered on November 14, 2019, when the Organization was advised that it was in violation of the publication ban.
P2020-ND-102

SkipTheDishes Restaurant Services Inc.

On July 22, 2020, the Organization’s third-party account takeover and fraud analysis vendor notified the Organization of an unusual pattern of activity. The Organization investigated and discovered a malicious actor performed a credential-stuffing attack by testing breached email and password combinations that were obtained outside of the Organization. The Organization estimates that approximately 160 Alberta accounts were affected by this vulnerability between April 2020 and July 31, 2020.
P2020-ND-101

Economical Insurance and its subsidiary, Sonnet Insurance Company

On July 8, 2020, an employee received a phishing email from an unknown third party. The email included a hyperlink to a page on which the employee entered their username and password. On July 20, the credentials were used to access the employee’s email account and an internal software program, and to send further phishing emails to employees and addresses in the email account. Five other employees subsequently entered their credentials. The unauthorized activity was …
P2020-ND-100

Maplebear Inc., dba Instacart

On July 9, 2020, the Organization identified evidence that employees of its service provider accessed more “shopper profiles” than should have been necessary to perform their job. Shoppers are independent contractors on the Organization’s technology platform, who provide shopping services on behalf of the Organization’s customers. The accesses occurred on or about June 5, 2020 and July 9, 2020. The Organization reported that it does not have evidence that its shopper information was stored or …
P2020-ND-099

MNP LLP and related subsidiaries and affiliates

On April 5, 2020, the Organization found its systems were encrypted as a result of a cybersecurity incident. The Organization immediately shut down access to its systems and engaged external experts to work alongside its internal IT response team. The Organization reported that the incident occurred as a result of a phishing email and involved only a small subset of information that was potentially accessed by the attacker. Further, there is no evidence of any …
P2020-ND-098

Chartered Professional Accountants of Canada

From April 20 to 24, 2020, the Organization discovered a potential security incident and possible phishing activity relating to its website and email addresses of its members. The Organization learned that unauthorized parties accessed certain information held by the Organization through an attack against its website between November 30, 2019 and May 1, 2020. The Organization collects a range of general contact, professional and related profile information in the course of its interactions with current …
P2020-ND-097

Railworks Corporation

On January 27, 2020, the Organization was the victim of a cyberattack in which an unauthorized third party encrypted its systems and files that contained personal information of its employees, former employees, current and former employees’ beneficiaries / dependents and some independent contractors. The incident ended on January 31, 2020.
P2020-ND-096

Ply Gem Residential Solutions

On June 25, 2020, the Organization discovered that an unauthorized individual may have accessed certain employees’ email accounts at various times between July 26, 2019 and November 18, 2019. The Organization investigated and was not able to determine which email accounts and attachments, if any, were accessed. The Organization conducted a review of the contents of the email accounts. The Organization has no evidence to date of any misuse of the information.
P2020-ND-095

Accor Services Canada Inc.

On March 18, 2020, the Organization’s service provider, Ceridian Canada Ltd., became aware of suspicious activity on its network, and immediately launched an investigation. On May 12, 2020, the service provider discovered a file containing personal information on a server that an unauthorized third party accessed on March 18, 2020 using a valid name and password of an active customer account. On May 27, 2020, the service provider notified the Organization of the incident. The …
P2020-ND-094

Medicine Hat Family Young Men’s Christian Association

On June 15, 2020, an employee with the Organization sent an email contact list containing guardians’ contact information via the Organization’s OneDrive to an unauthorized recipient (a guardian of a child) in error. On August 11, 2020, the error was discovered, and the employee asked the unauthorized recipient to delete the email sent on June 15, 2020.
P2020-ND-093

Teck Highland Valley Cooper Corporation

On June 12 and June 13, 2019, due to an incorrect mail merge operation, pension benefit statements sent to former employees were sent to the wrong addresses. The breach was discovered on June 17, 2019 when some individuals who received the statements contacted the Organization to advise them of the error. The Organization wrote to the individuals who received the wrong letters and requested they return them to the Organization using an enclosed pre-addressed and …
P2020-ND-092

Neptune Wellness Solutions Inc.

On July 15, 2020, the Organization received a message claiming that its networks were hacked and all of the Organization’s files, documents, photos, databases and other important data had been encrypted, making them inaccessible. The message also claimed that certain private data from the Organization’s network had been downloaded. The unknown actor threatened to post information and publicize if the Organization failed to respond and purchase the encryption key. The Organization believes that it is …
P2020-ND-091

Zoosk, Inc.

On May 11, 2020, an unknown third party claimed to have accessed certain personal information of members of the Organization. Based on its investigation, the Organization learned that on or about January 12, 2020, an unauthorized third party gained access to the Organization’s data stored in a database hosted by a third party. The Organization learned that although a copy of the database is available online the decipher key is not, and therefore most of …
P2020-ND-090

Syncrude Canada Ltd.

In December 2018, an employee made a written complaint against an on-site contractor; the contractor provided a written response to the complaint. These documents were provided to the Organization’s security staff. On December 12, 2018, the security staff forwarded the documents, along with an incident report, to a number of internal staff. On December 13, 2018, the complaint and the contractor’s response were forwarded to the RCMP by the security staff. A Human Resources Advisor …
P2020-ND-089

Dubsmash Inc. and Mobile Motion GmbH (collectively, Dubsmash)

The Organization is a video messaging application for iOS and Android. On February 8, 2019, a reporter contacted the Organization to request comment on the sale of potentially stolen information. The Organization investigated to determine whether there had been any unauthorized acquisition of its users’ personal information. On February 11, 2019, the Organization purchased a database from an unidentified individual and confirmed that it contained information related to the Organization’s users. The Organization reported its …
P2020-ND-088

Howard & Associates Psychological Services

On July 3, 2019, the Organization’s office was broken into. Among other things, the intruders stole intake forms from two Employee Assistance Programs (EAPs) requesting services for individuals. The landlord discovered the breach the same day.
P2020-ND-087

Alberta Society of Professional Biologists

On or around July 22, 2019, a staff member with the Organization realized a laptop was missing. Despite search efforts, the laptop was not found. The information at issue may have been in an event attendees list stored on the laptop. The laptop was not encrypted.
P2020-ND-086

Running Room Canada

On November 14, 2019, the Organization’s web security team identified an SQL injection and confirmed unauthorized access to its website database containing user profile information. The compromised information “…did not involve sensitive personal information like government-issued IDs (like Social Insurance numbers and driver’s license numbers) or payment cards, bank account, or other financial information”.
P2020-ND-085

Nicola Wealth Management Ltd.

On March 19, the Organization’s CEO’s assistant received a suspicious email purporting to be from the CEO directing her to pay an invoice. The assistant confirmed with the CEO that the email in question was not legitimate. The Organization discovered an unknown third party temporarily gained access to the CEO’s email account through a webmail application, and potentially accessed, viewed or downloaded a number of emails over a period of approximately 11 hours. The Organization …
P2020-ND-084

The Canada Life Assurance Company

The Organization uses an online account system to allow plan members to submit health and dental claims electronically, review previous claims and coverage information, and set up direct deposit. The system contains the personal information of the member and his or her dependents, if any. Due to an administrative and system error, a plan member logged into the system and was able to see account information for another member. Both members belong to the same …
P2020-ND-083

IPC Investment Corporation

On August 15, 2019, an advisor with the Organization prepared documents to send to a client for completion. The advisor entered the wrong email address for the client and the message was sent to an unknown party who had a similar email address. The breach was discovered on August 29, 2019 when the client reached out to the advisor to inquire about the documents that were to be sent by email. The Organization was unable …
P2020-ND-082

Women’s Flat Track Derby Insurance Inc.

On August 8, 2019, the Organization acquired CRDi and as a result is the owner of the list of, and contact information for, customers with CRDi, past and present, active, cancelled, and pending in an effort to begin developing member solutions for leagues and skaters across Canada. On December 11, 2019, a former CRDi employee emailed participants to promote a new company. The email was worded in such a way that it confused recipients as …
P2020-ND-081

Westward Advisors Ltd.

On November 25th, 2019, a “spear phishing” email was sent to some of the Organization’s email addresses. One employee clicked on an attachment that installed a rule in the Employee’s Outlook account. As a result, the attacker collected a copy of certain emails addressed to the employee between November 25-December 31, 2019. The attacker also created a similar but fake email address for the employee and contacted some of the Organization’s clients while impersonating the …
P2020-ND-080

Rifco National Auto Finance Corporation

On June 10, 2019, two letter attachments addressed to two different customers were sent by text messages by the Organization. The two letters were inadvertently sent to two incorrect cell phone numbers. One of the customers who received a text message called the Organization to advise he had received a letter that was intended for another customer. The Organization reported there was no release of any payment or banking information, or other personal information.
P2020-ND-079

Servus Credit Union

On June 26, 2019, there was a break-in at a Red Deer branch of the Organization. A briefcase containing documentation for 12 Wealth Management Accounts was stolen. The breach was discovered the following morning by an employee entering the branch and completing a branch check per corporate policy. The files and associated documentation were recovered intact on June 27, 2019.
P2020-ND-078

ivari

On December 4, 2019, a life insurance policy contract was placed in an incorrect courier envelope package. The policy contract was delivered to another General Agency office that is licensed with the Organization. On December 16, 2019, the intended recipient (a licensed insurance advisor) contacted the Organization inquiring as to the whereabouts of the policy contract.
P2020-ND-077

Pfizer Canada ULC

On March 18, 2020, the Organization’s payroll services provider became aware of suspicious activity on its network. An investigation found that on January 25, 2020, an unauthorized third party gained access to one of the service provider’s servers. The service provider determined that the threat actor was able to remotely gain access to its systems via a remote desktop using name and valid password of an active customer account; however, it was unable to determine …
P2020-ND-076

Carnival Corporation & plc and its subsidiaries and brands

In late May 2019, the Organization identified suspicious activity on its network and initiated an investigation. The Organization discovered that between April 11 and July 23, 2019, an unauthorized third party gained access to some employee email accounts that contained personal information regarding employees, crew, and guests. Approximately 124 employee email accounts, primarily at Princess Cruise Line, were compromised. The Organization reported that it appears that the unauthorized third party sought information related to payments …
P2020-ND-075

Capital Region Housing Corporation

Tenants who failed to pay their July rent were issued Notices to Vacate. The site manager who did the posting, however, posted the incorrect Notices to Vacate (e.g. Tenant A’s notice was posted on Tenant B). The postings occurred on July 11, 2019. The error was discovered on July 12, 2019 when a few tenants receiving the incorrect notices contacted the Organization.
P2020-ND-074

Hanna Andersson, LLC

On December 5, 2019, law enforcement informed the Organization that credit cards used on its website were available for purchase on a dark web site. The Organization investigated, and confirmed its third-party ecommerce platform, Salesforce Commerce Cloud, was infected with malware that may have scraped information entered by customers into the platform during the purchase process. The earliest potential date of compromise identified by forensic investigators is September 16, 2019, and the malware was removed …
P2020-ND-073

Justin Warsylewicz

On February 6, 2020, a vehicle belonging to the Organization was broken into and a travel bag was stolen. The bag contained the information at issue. The breach was discovered the same day.
P2020-ND-072

Industrial Alliance Insurance and Financial Services Inc.

On May 27, 2019, an insurance broker’s briefcase, which included an insurance policy contract with personal information, was stolen. The breach was discovered the same day. The broker reported the theft to the company.
P2020-ND-071

ExecuPharm, Inc.

The Organization is a United-States-based entity that provides staffing solutions for parent company, Parexel International Corporation (“Parexel”). On March 13, 2020, the Organization became aware that its data network had been compromised as a result of a cyber ransomware event conducted by malicious actors. The malicious actors encrypted files and sought a ransom in exchange for lifting the encryption. The Organization was able to successfully rebuild its systems from backup servers without paying the ransom. …
P2020-ND-070

Midwest Surveys Inc.

On April 3, 2020 a series of emails, with a link to virus payload, was sent out from an employee’s email account. The Organization reported the “… account had been compromised by a bad actor at some point, but there was no evidience [sic] other than the series of emails with a malicous [sic] link being sent on their behalf. User could not recall any of the possible situations described to them by the investigator …
P2020-ND-069

Marval Capital Ltd.

On March 24, 2020, the Organization’s general email account was used to send out phishing emails. The person that accessed the account had brief access to the inbox. The Organization and its email provider were not able to determine which emails the intruder may have opened in that time. The Organization reported the breach “occurred during the COVID-19 pandemic during the Organization’s transition to working remotely as mandated by the Federal Government”. The breach was …
P2020-ND-068

Tupperware U.S., Inc.

On March 24, 2020, the Organization identified unauthorized code had been inserted into the code that runs its Tupperware U.S. and Tupperware Canada e-commerce websites, Tupperware.com and Tupperware.ca. The Organization’s investigation found the code was designed to capture information entered by customers during the checkout process on these websites. It was further determined the code was present on the websites from March 19, 2020 to March 24, 2020.
P2020-ND-067

Pomeroy Lodging LP

On April 21, 2020, the Organization’s office was broken into and multiple laptops were stolen, along with some paper files. The breach was discovered the same day when a worker arrived at the office early and discovered the robbery still in progress. The police were called but subjects have not been apprehended.
P2020-ND-066

Capital Brands Distribution, LLC

On March 17, 2020, the Organization learned about possible unauthorized access to its online shopping site www.nutribullet.com. The Organization’s investigation revealed that an unauthorized user changed the website’s checkout page to collect customer information without authorization, for orders placed on the website with a credit or debit card between February 19, 2020 and March 17, 2020.
P2020-ND-065

WESCO Distribution Inc.

On July 1, 2019, the Organization learned an employee’s email account was compromised by an unknown actor through a phishing email sent on August 15, 2018 from a well-known supplier of the Organization. The attack spread to 28 other user accounts. The unknown actor placed an automatic forwarding rule on the accounts, which forwarded all incoming emails to an unauthorized Gmail account. The Organization disabled the rule on July 1, 2019 and reported there was …
P2020-ND-064

Tenaris Group / TMK IPSCO Canada Ltd.

TMK IPSCO was acquired by the Tenaris Group in January 2020. Following the close of the transaction, Tenaris performed an internal control assessment and, on January 28, 2020, identified a lack of security controls for certain files stored in a temporary storage location. These files were potentially accessible by all the acquired Organization’s employees.
P2020-ND-063

King Defence

On Monday March 23, an employee with the Organization went to the courthouse to meet with the friend of a client, who had the client’s cellphone. Due to Covid-19 concerns, the employee placed the cellphone in a plastic bag and put the bag in the centre console of his vehicle. The employee did not return to the office to review the contents of the cellphone as staff were working from home during the coronavirus outbreak. …
P2020-ND-062

Lorne Steinberg Wealth Management Inc.

In late November 2019, the Organization and forensic IT experts identified suspicious activity with respect to two email accounts. The Organization determined that an unknown external actor gained access to the email accounts in late September 2019 and appeared to have forwarded emails from these accounts to illegitimate email accounts for the purpose of attempting wire fraud. The Organization does not currently have any evidence that the external actor was successful in its wire fraud …
P2020-ND-061

Mountain Equipment Co-op

Between October 13-28, 2019, the Organization ran a pilot marketing campaign. The Organization sent the personal information at issue to Facebook to use for the marketing campaign. On January 28, 2020, two members complained to the Organization’s Privacy Office about the information being shared with Facebook. The Organization realized it did not get consent from members to disclose the personal information and requested that all member information associated with the October marketing pilot be permanently …
P2020-ND-060

Servus Credit Union Ltd.

On January 14, 2020, an email containing mortgage renewal documents for an individual was sent to an unknown recipient with a name similar to the individual. The incident was discovered when the member contacted the Organization asking about the status of the email.
P2020-ND-059

Avenue Living Communities Ltd.

On December 17, 2019, the Organization became aware that an unknown and unauthorized actor had altered an employee’s email account settings to automatically forward all incoming emails to an unrecognized email address. The Organization determined that all emails received by the employee on or after October 23, 2019 until December 17, 2019 had been automatically forwarded to the unrecognized email address. The total number of emails forwarded totalled 3,667. The Organization reviewed each of the …
P2020-ND-058

Investors Group Financial Services Inc.

On December 16, 2019, while the Organization’s clients were on vacation, a hacker gained access to the clients’ (husband and wife) email account and then proceeded to pose as the wife and called the Organization’s consultant to request the clients’ statements. Upon receiving this request, the Consultant provided a copy of the statements (one for the husband’s account, and one for the wife’s account) to the hacker. On December 17, 2019, the hacker emailed the …
P2020-ND-057

ATB Financial

On January 13, 2020, a team member’s vehicle was stolen. A laptop, along with paper mortgage application documents, was in the vehicle. The theft was reported to the Organization’s information security team on the same day. The laptop has various security controls, including full disk encryption when powered off.
P2020-ND-056

Lightspeed Technologies, Inc.

On January 14, 2020, customers of the Organization reported receiving spoofed emails attempting to change the account information used for remitting payment to the Organization. An investigation found that an unauthorized party accessed email accounts at different periods between August 19 and August 22, 2019, and between September 20, 2019 and September 23, 2019. The investigation was not able to conclusively determine which emails or attachments were viewed by the unauthorized party. On January 14, …
P2020-ND-055

Attia Law Group

On March 5, 2020, a lawyer with the Organization lost a binder in the Edmonton Provincial Courthouse. The binder contained criminal disclosure documentation with respect to four co-accused persons.
P2020-ND-054

Flexiti Financial Inc.

On December 28, 2019, the Organization received an email from someone purporting to be a hacker and claiming to have encrypted files, and deleted/encrypted backups. The hacker demanded a ransom in exchange for the code to unlock the encrypted back up files, and also claimed to have stolen the Organization’s database. The hacker threatened to release the information in unencrypted form if the ransom was not paid. The Organization did not pay the ransom, but …
P2020-ND-053

Synergen Housing Corporation Ltd.

On December 13, 2019, Board of Directors meeting minutes were distributed to members of the Organization. Personal information contained in the minutes was not redacted before the minutes were sent to the members. The incident was discovered on December 15, 2019, when a member noticed the personal information and notified the President of the Board of Directors.
P2020-ND-052

Solium Capital UI-C

The Organization reported that one of its contracted service providers, TSGI Corporation, determined that a former employee had surreptitiously and unlawfully downloaded data to a remote server during his short-term employment from January 31-February 27, 2019. The data included some confidential information about the Organization’s current and former employees. The service provider first informed the Organization about the breach on February 26, 2019 and on March 6, 2019 confirmed that the Organization’s data was among …
P2020-ND-051

ATB Financial

On November 10, 2019, the Organization’s location in Peers, Alberta was broken into and a safe was stolen. The RCMP were contacted and attended the scene. To date the contents of the safe have not been recovered.
P2020-ND-050

Master-Bilt Refrigeration Solutions

The Organization learned that a number of spam emails had been sent from an employee’s account. An investigation determined that an unauthorized person accessed the account between July 10-11, 2019. The investigation was unable to determine which specific emails or attachments, if any, were viewed by the unauthorized individual. On November 7, 2019, the Organization determined that the unauthorized individual accessed the personal information of one Alberta resident.
P2020-ND-049

Combined Insurance Company of America

The Organization takes electronic insurance policy applications from consumers in the normal course of business. Typically, an agent will meet with a consumer to complete an application, including a needs analysis. Information is uploaded to the Organization’s e-Agent platform. In September 2019, as part of a routine compliance audit, staff noticed 3 instances where the name on the needs analysis document did not match the name on other policy documents. Further investigation found that if …
P2020-ND-048

Canadian Physiotherapy Association

On October 24, 2019, the Organization learned that it was the victim of a social engineering and phishing attack when a vendor followed up regarding payment of an invoice. The Organization discovered a wire transfer had been made to a threat actor posing as the vendor. On November 21, 2019, following an investigation, the Organization learned that there had been an intrusion into two employee inboxes. The suspected point of entry was a phishing email …
P2020-ND-047

iA Financial Group

On February 20, 2020, a vehicle belonging to an insurance agent working with the Organization was broken into. A laptop that stored client information was stolen. The breach was reported to the Organization on February 21, 2020.
P2020-ND-046

Grape Holding, NV

On March 5, 2020, an unauthorized user accessed the Organization’s reservation portfolios on a third party system. The incident was discovered on March 7, 2020, when the host of the third party reservation system informed the Organization that it had detected an unauthorized user. Forensic experts determined that the incident was a single occurrence.
P2020-ND-045

London Life Insurance Company

On April 9, 2019, a completed insurance application was mailed from an advisor’s office in Edson to the Organization’s Financial Centre in Edmonton. The application was sent by regular Canada Post mail rather than courier (tracked/signature required). The Financial Centre did not receive the application. The incident was discovered on May 22, 2019 when the advisor followed up regarding the underwriting of the policy and there was no record of the application being submitted.
P2020-ND-044

Servus Credit Union Ltd.

On May 24, 2019, an employee of the Organization verbally disclosed information about a loan application to an individual’s adult son in error. Both individuals have the same first and last name. The employee who made the disclosure realized the error on May 27, 2019 when speaking with other branch employees after the individual telephoned looking for an update to the loan application.
P2020-ND-043

ivari

On April 17, 2019, an insurance advisor’s car was broken into and a laptop was stolen. The information at issue was stored on the laptop. The incident was discovered the same day. The laptop was password protected.
P2020-ND-042

Carly Buffalo RMT

On April 25, 2019, a home/office was broken into and a laptop containing the information at issue was stolen. The breach was discovered the same day. A suspect has been identified and charged for the break and enter. The laptop has not been recovered.
P2020-ND-041

TrueFire LLC

On January 10, 2020, the Organization discovered that an unauthorized person gained access to its computer system and website (TrueFire.com). The Organization reported that “… it appears that the unauthorized person could have accessed the data of consumers who made payment card purchases while that data was being entered on the Website, between August 3, 2019 and January 14, 2020.”
P2020-ND-040

Co-operators General Insurance Company

On July 4, 2019, during a claim investigation process, the Organization’s claims representative provided the information at issue (license status) to the parent of a child injured in a claim involving a client’s son (the vehicle operator). The incident was discovered on July 5, 2019 when both of the vehicle operator’s parents contacted the Organization to complain about the disclosure. The father of the injured individual took to social media bullying the operator of the …
P2020-ND-039

Web.com Group, Inc.

On October 16, 2019, the Organization became aware that a third-party might have gained unauthorized access to a limited number of its computer systems in late August 2019, and, as a result, account information may have been compromised. The Organization reported that access was facilitated via two externally facing servers that were compromised through a web-enabled application vulnerability and a deprecated user credential. The accessed computer systems also included Web.com’s retail domain registrars, Network Solutions, …
P2020-ND-038

Master Paints Institute (MPI) Canada, Inc.

On November 14, 2019, the Organization discovered a vulnerability in the shopping cart function on its website that allowed an unauthorized user to record information in the shopping cart. The incident was discovered by a consumer using the site, who reported it to the Organization. The Organization reported that an unauthorized individual or group extracted personal information by executing a vulnerability in the code of the third party used for the shopping cart function. The …
P2020-ND-037

Mosaic Primary Care Network

An employee’s email account was compromised and used to impersonate an external software vendor. As a result, a payment sent from the Organization to the vendor was sent to a fraudulent bank account. The breach was discovered on December 10, 2019 when the Organization’s employee informed the IT department of suspicious activity. The IT department identified that the user’s password was likely compromised through phishing. The cyber-attack was found to have exposed the MS 365 …
P2020-ND-036

LifeLabs Inc.

A cyber attack involving unauthorised access to two web servers and two databases occurred. The incident was discovered on October 28, 2019. The Organization engaged cyber security experts to isolate and secure the affected systems and determine the scope of the breach.
P2020-ND-035

Chamberlain Group, Inc.

On April 28, 2019, the Organization discovered that a call center employee had not followed mandated security procedures when handling customer payment card information. Upon notification from law enforcement that the employee had apparently misused the payment card information of other individuals, the Organization investigated. The investigation found that the employee had collected personal information from some Alberta residents between November 2, 2018 through April 24, 2019. The Organization found no information indicating that the …
P2020-ND-034

SkipTheDishes Restaurant Services Inc.

In mid-2019, the Organization’s customer service department noticed an increase in “account takeover” complaints from consumers. These complaints involved concerns that unauthorized orders were being placed in customer accounts. The Organization investigated and found the account takeovers occurred as a result of individuals having lost control of their passwords through a combination of many factors. The Organization did not uncover a failure of security safeguards under the Organization’s control or a compromise of its systems. …
P2020-ND-033

Guardian Law Group LLP

On November 13, 2019, the Organization was contacted by another law firm who reported it had received a suspicious email that appeared to have been sent from the Organization. The email was sent from an address that was the actual email address of an employee of the Organization who was on vacation at the time. The Organization investigated and found that “spam emails” had been sent from an Organization email account. The Organization was contacted …
P2020-ND-032

Parvus Therapeutics Inc.

On November 19, 2019, a consultant who provides human resource services to the Organization was targeted with a phishing email from an unauthorized account. The email requested the consultant provide certain human resource information about employees of the Organization. The consultant did not identify the email as a phishing request and, on November 20, 2019, responded to it, disclosing the personal information at issue. The breach was discovered the same day. The Organization is …
P2020-ND-031

Lethbridge Community Out of School Association

An employee of the Organization was on a short term leave and the Organization was looking for documents stored on the employee’s computer. The Organization’s HR department accessed the computer to search for the documents, and could see the employee’s recently opened files. The files were confidential and included personal information or individually identifying health information. The Organization reported the breach occurred between September 3-8, 2019 and was discovered on September 12, 2019.
P2020-ND-030

Sprott Money Ltd.

The Organization’s website Sprottmoney.com was compromised as a result of malicious code uploaded by an unauthorized third party. The breach occurred on November 1, 2019 and was discovered on November 7, 2019.
P2020-ND-029

The Canada Life Assurance Company

On November 4, 2019, the Organization contacted a residential tenant regarding her parking rent. The individual advised the Organization that she had personally delivered the documents to the Organization’s office on October 18, 2019. The Organization searched for the documents but has been unable to locate them.
P2020-ND-028

Syncrude Canada Inc.

On April 29, 2019, an employee who was ill was assessed by a nurse on-site and sent home. The employee mentioned that his work area may need to be inspected and cleaned. The nurse spoke with the employee’s leader about cleaning and sanitizing the work area. The leader shared with the acting leader in the work area that the employee was ill, sent home and the illness might be related to contamination in the work …
P2020-ND-027

News America Marketing Digital LLC

The Organization learned an unauthorized third party attempted to gain access to Checkout 51 accounts via the Checkout 51 login application programming interface (API) between July 6 – 12, 2019. Based on the Organization’s investigation, the incident did not arise from a breach of the Organization’s security safeguards; rather, the breach was caused by the reuse of usernames and passwords by users that may have been obtained by previous third party hacking incidents.
P2020-ND-026

Association of Professional Engineers and Geoscientists of Alberta

On June 6, 2019, an employee’s email/laptop was accessed without authorization “resulting in a virus containing email being sent from that individual”. Phishing emails were received by staff and individuals in the employee’s address book. The breach was discovered the same day when the emails were recognized as not being “real”, and the issue was reported to IT services.
P2020-ND-025

PAR Technology Corporation

On or about May 31, 2019, the Organization was alerted to suspicious activity within an employee’s email account. The Organization immediately launched an investigation with the assistance of a third-party forensic firm, to determine the nature and scope of the activity. The investigation found that 11 employee email accounts were accessed without authorization between April 19, 2019 and June 20, 2019.
P2020-ND-024

StockX LLC

On July 26, 2019, the Organization was alerted to suspicious activity potentially involving customer data. The Organization investigated and engaged third party experts to assist. The investigation found that an unknown third party had been able to gain unauthorized access to certain customer data from the Organization’s cloud environment on or around May 14, 2019.
P2020-ND-023

Economical Mutual Insurance Company

On October 14, 2019, an independent insurance claims adjusting firm engaged by the Organization to adjust property claims for its policyholders had a break-in and several computers were stolen from its offices. The information on the computers was encrypted and protected by passwords. However, the Organization reported that a thief may have had access to the encryption password for one of the computers. The Organization reported that it has no indication that the theft was …
P2020-ND-022

Koff Productions

On February 3, 2020, the OIPC received an email from an employee of another provincial government stating he had discovered driver’s licenses of Albertans on the internet. The OIPC confirmed the report and contacted the Organization (Treehousecult.com) on February 6, 2020 to notify it of the incident. In its report of the incident to the OIPC, the Organization said that the permissions on a web server were not private. The Organization also reported the incident …
P2020-ND-021

National Baseball Hall of Fame and Museum

An unauthorized third party injected malicious code into the Organization’s web store. The code was removed as soon as it was discovered but could have been able to collect information that customers entered on the web store’s check-out page while it was active. Purchases made via the web store between November 15, 2018 and May 14, 2019 may be affected.
P2020-ND-020

Skip The Dishes Restaurant Services Inc.

Unknown individual(s) used credential stuffing to gain access to the Organization’s courier accounts accessible through its “Courier Portal”. “Credential Stuffing” is the process by which an attacker steals or purchases username and password combinations (possibly on the dark web) and enters those credentials on websites to see if they can gain access. The incident occurred on July 11, 2019 and was discovered the same day when the Organization’s security operations team detected an unusually high …
P2020-ND-019

RBC Life Insurance Company

On June 26, 2018, the Organization emailed a claimant’s letter to the claimant’s employer in error. The letter was addressed to the claimant and contained personal and health information about the claimant. The employer contacted the Organization on June 28, 2018 to report the error. The employer agreed to delete the email and confirmed that it did not save a copy of the letter.
P2020-ND-018

Health Standards Organization (HSO) and Accreditation Canada (AC)

On June 21, 2019, the Organization became aware of a potential malware incident which impacted its IT systems. The incident was later determined to have been caused by the “Ryuk” ransomware that encrypts all data on the infected servers rendering it inaccessible/unreadable until a ransom is paid. The Organization’s investigation did not find any evidence of any information disclosure resulting from the incident, which is consistent with the fact that the Ryuk ransomware is not …
P2020-ND-017

PetroChina Canada Ltd.

Malware (Emotet) was discovered on an end user laptop. The Organization reported the breach occurred on September 23, 2019 and was discovered September 24, 2019 when data communications from the end user laptop matching known Emotet control characteristics were detected by a cybersecurity system. This system alerted the Organization’s Canada Cybersecurity Specialist to the detection.
P2020-ND-016

Quarterhill Inc.

An employee responsible for Human Resource functions used a corporate owned laptop to access a file on the laptop in cloud storage containing personal information of current and former employees and directors. Due to the settings on the laptop, the file synced to the laptop’s hard drive. On August 29, 2019 at approximately 1:00 pm local time, an individual entered the Organization’s Kitchener, Ontario premises through an unlocked door and stole the laptop and one …
P2020-ND-015

Kearns, Brinen & Monaghan

Two employees received a phishing email with a hyperlink. The employees clicked on the link, which took them to a site that looked like a genuine site. Each of the employees entered their credentials into the site. Once the threat actor had the credentials, he accessed the employees’ emails and set up a forwarding rule. The Organization reported the breach occurred on October 15, 2018 and was discovered on July 15, 2019 when suspicious activity …
P2020-ND-014

First National Financial LP

The account credentials of an employee of the Organization were compromised during a credential harvesting phishing attack against the employee on August 26, 2019. These credentials were used by an unidentified party to gain unauthorized access to the employee’s mailbox between August 30, 2019 and September 17, 2019. The unidentified third party had access to customer data contained within the email mailbox. There is no evidence the data was actually accessed or exfiltrated but this …
P2020-ND-013

Leafly Holdings, Inc.

On September 30, 2019, the Organization was contacted by a security researcher who advised that he had obtained a set of the Organization’s user records. The Organization investigated and found that the records were from a legacy database that was last updated in July 2016. This database was separate from the Organization’s production database, and has since been decommissioned.
P2020-ND-012

OrthoAccel Technologies, Inc.

On or about January 14, 2019, the Organization became aware of suspicious activity relating to certain employee email accounts. On January 28, 2019, the Organization’s investigation confirmed one of its email account users was the victim of a phishing event that resulted in unauthorized access to their email account on separate occasions between December 6, 2018 and January 14, 2019. On February 4, 2019, the investigation confirmed two additional email account users were subject to …
P2020-ND-011

Omista Credit Union Limited

On May 29, 2019, the Organization was made aware of an email phishing incident that affected a number of its employees. In particular, an employee mistakenly clicked on a malicious link after receiving a phishing email, which resulted in unauthorized access to the employee’s email account by an unknown third party or parties. As a result, unauthorized access to personal information belonging to the Organization’s members and non-members, which was stored in the employee’s email …
P2020-ND-010

The Driving Force Inc.

On September 3, 2019, the Organization discovered that, due to a phishing scheme, an unauthorized third party gained access to the Outlook mailbox of one of its vehicle rental agents working out of Kelowna, British Columbia. The Organization has not been able to determine the identity of the third party or whether any specific information within the account was actually accessed or downloaded. The breach was discovered by the Organization’s IT department on September 3, …
P2020-ND-009

Servus Credit Union Ltd.

On October 7, 2019, an unauthorized individual was able to successfully access a member’s account. The incident occurred when online banking access was granted over the phone via poor authentication practice by an agent of the Organization, contrary to posted policy. The incident was discovered the same day, when the unauthorized individual contacted the Organization again and spoke to a different agent who refused access and contacted Corporate Security. No funds were lost as all …
P2020-ND-008

Beakerhead Creative Society

The Organization maintains several email distribution lists for purposes which include promoting the Organization’s annual festival. The email distribution list is managed through a third party, online email management service provider (the Service), which requires users to login to an account using a username and password. Once logged in, a user can access, export, and download a spreadsheet of a specific email distribution list from the Service. On the afternoon of October 1, 2019, the …
P2020-ND-007

Eye Safety Systems, Inc.

On July 16, 2019, a third-party developer reported unusual activity in email logs and determined that emails had been sent from the server hosting the Organization’s website, to an unauthorized email address. The Organization investigated and concluded that an unauthorized individual or group extracted personal information by executing a vulnerability in the website code. The unauthorized person was able to obtain the information starting on or around November 21, 2017, and ending on July 16, …
P2020-ND-006

Rifco National Auto Finance

On September 13, 2019, an employee was conversing by email with a customer, and inadvertently used the ongoing email string in an email to a different customer. The incident was discovered on October 21, 2019 when it was reported by the unintended recipient, who also provided a copy of the email at issue to the Organization.
P2020-ND-005

Manufacturers Life Insurance Company of Canada

Internal forensic investigation found evidence of anomalous activity on the Organization’s Group Retirement business’s Plan Member website on September 27, 2019. The activity appears to be the result of common password trial and error, leveraging personal information already in the possession of the perpetrator(s). The Organization’s investigation suggests a manual, “hands on” fraud effort. The breach was discovered on October 9, 2019 when a plan member called to report unusual online account activity.
P2020-ND-004

Feld Entertainment, Inc.

The Organization learned of suspicious activity involving certain employee email accounts related to a phishing scam. The Organization’s investigation confirmed unauthorized access to certain employee accounts on separate occasions between November 14, 2018 and January 25, 2019. The Organization has no evidence of any actual or attempted misuse of the personal information within the affected email accounts.
P2020-ND-003

Employer’s Resource Council

On or about February 21, 2019, the Organization became aware of suspicious activity relating to two of its employees’ email accounts. On April 2, 2019, the Organization determined that an unauthorized actor accessed the impacted accounts on February 21, 2019. On June 28, 2019, the Organization determined that personal information relating to a Canadian resident was potentially affected.
P2020-ND-002

Carl’s Golfland

On March 25, 2019, a webshell was inserted into the Organization’s website through a vulnerability and brute force attack. Customers who made online purchases between the dates of March 25 through July 14, 2019 were affected. The breach was discovered on July 14, 2019 as the result of a bank inquiry.
P2020-ND-001

Industrial Alliance Insurance and Financial Services Inc.

On June 20, 2019, the email account of a representative of the Organization was accessed as the result of a phishing incident. The hacker accessed the email box again on July 17, 2019, including all emails in the email box and the personal information in the emails. The incident was discovered on July 17, 2019, when some of the Organization’s employees received phishing e-mails and informed IT services.
P2019-ND-208

Mountain Equipment Coop

The Organization’s online ecommerce platform was attacked with a botnet between the period of July 23-August 8. The botnet was doing a credential stuffing attack and attempting to use stolen credentials to log into mec.ca. Some of the credentials belonged to members and so the bot was successful at logging into 2,335 member online accounts. The breach was discovered on August 1, 2019 through log reviews by the Organization’s ecommerce team.
P2019-ND-207

Independent Counselling Enterprises Inc.

On August 13, 2019, a support worker was in possession of a document that contained the information at issue. The document was left in an envelope in the worker’s vehicle. The vehicle was subsequently broken into and the envelope and the document were stolen from the vehicle. The incident was discovered the same day.
P2019-ND-206

91911712 Canada Inc., dba Mortgage Alliance “Mortgages Are Marvellous”

On July 22, 2019, the personal information at issue was made visible in a closed Facebook group that was set up for mortgage broker business and underwriting tips. A single picture showing 9 documents was posted for about 15 minutes, before being withdrawn. The incident was discovered on August 20, 2019 after a third party provided a screen capture of the information to the Real Estate Council of Alberta.
P2019-ND-205

HomeStars, Inc.

On September 30, 2019, the Organization discovered unauthorized activity that may have resulted in unauthorized access to one of the Organization’s servers. The Organization’s investigation determined that the unauthorized activity began on September 28, 2019 and continued at least until October 2, 2019. The incident occurred as a result of the unauthorized user exploiting a vulnerability in an open source data structure store, which was then used to access the affected underlying staging server by …
P2019-ND-204

McNeill, Lalonde & Associates

On February 25, 2019, the Organization learned that an employee had been charged with fraud. The Organization reported it is “concerned that the [employee] improperly collected, used and/or disclosed certain personal information that in the course of her employment”. The Organization reported it does not know if any personal information of three Alberta-based employees was compromised, but it has evidence that a Vancouver-based employee’s personal information was compromised.
P2019-ND-203

Zedi Canada Inc.

The Organization engaged a tax consulting service provider. The Organization reported that, on February 27, 2019, its service provider determined that a former employee had surreptitiously and unlawfully downloaded data, some of which contained confidential information on the Organization’s current and former employees, to a remote server during his short-term employment from January 28, 2019 to February 20, 2019. The service provider informed the Organization about the breach on March 14, 2019. The service provider’s former …
P2019-ND-202

Heart and Stroke Foundation of Canada

On February 4, 2019, it was brought to a user’s attention that the user’s email account had been used to send emails that appeared to be suspicious. Internal IT and outside consultants determined that someone unknown had accessed the user’s email account and used it to send emails with a fraudulent purpose. No evidence of data exfiltration or any other access to the Organization’s resources was found. The investigation revealed a number of suspicious logins …
P2019-ND-201

ABCU Credit Union Ltd.

On March 7, 2019, the Organization mailed a draft to an address in Toronto. On March 15, 2019, the Organization was informed an envelope containing the draft was found in the back of a courtesy vehicle returned to a dealer in Alberta. The Organization retrieved the envelope and found it had been torn open, although it contained the draft that was mailed. The Organization has confirmed that the envelope was addressed correctly, and does not …
P2019-ND-200

Moodys Gartner Tax Law LLP

In the early morning hours of April 22, 2019, thieves entered the Organization’s office building in Calgary and stole a number of items. On April 23, 2019, an assistant who had been absent on April 22, discovered that a duffel bag containing some personal tax information for a client was missing. A search of the office failed to locate the duffel bag.
P2019-ND-199

SGI Canada Insurance Services Ltd.

On April 3, 2019 a customer of the Organization met with an adjuster from an independent adjusting firm, to provide a statement regarding an auto insurance claim file. The Organization engaged the services of an independent adjuster for this task. On April 9, 2019 the independent adjuster had her vehicle parked at a business in Calgary. The vehicle was broken into and her briefcase was stolen from the locked trunk of the car, either on …
P2019-ND-198

Citrix Systems Canada Inc.

On March 6, 2019, the FBI informed the Organization that the FBI had reason to believe that international cyber criminals gained access to the Organization’s internal network. The Organization believes that the cyber criminals had intermittent network access between October 13, 2018 and March 8, 2019, and that they removed files from the Organization’s internal systems during that time period.
P2019-ND-197

SNC-Lavalin Inc.

On September 3, 2019, the Organization discovered that an unknown and unauthorized third party had tried accessing user accounts on August 19, August 27 and September 3, and had gained access to the mailbox of one employee, which contained personal information. The Organization reported “Although we cannot be completely certain that the content of the mailbox has been duplicated or exfiltrated, the attacker had the time and the means to do it”. The breach was …
P2019-ND-196

Young Women’s Christian Association of Banff

On March 30, 2019, a client’s file was lost after a staff member was updating the file. The Organization believes the file may have been shredded or recycled along with other papers that were discarded on the same date. The breach was discovered on April 10, 2019 when the Manager of Programs and Services was updating department statistics and could not find the file.
P2019-ND-195

Lancaster Archery Supply, Inc.

On April 3, 2019, the Organization became aware that certain payment card information used at www.lancasterarchery.com and www.lancasterarcherydealer.com may have been compromised from July 4, 2018 through February 8, 2019, February 11, 2019 through February 14, 2019, and on February 16, 2019. The incident was discovered when the Organization received a report of unusual card activity from its credit card processor.
P2019-ND-194

Standard Nutrition Canada Co., owned by Sollio Agriculture, a division of La Coop federee

On April 6, 2019, an employee’s email account was accessed by an unauthorized individual through a phishing scam asking for login credentials. The email account was then used to send similar phishing messages to other employee accounts on April 9, 2019. As a result, two other employee email accounts were accessed by an unauthorized individual. These accounts were blocked quickly enough they were not used to send phishing messages. Only one of the email accounts …
P2019-ND-193

Vitalize, LLC

In February 2019, the Organization became aware of a data security incident involving unauthorized access to its systems. The Organization’s investigation traced the unauthorized activity to a phishing email received in July 2018. The investigation also determined that some data was removed from the Organization’s systems, but the nature of the files taken is unknown.
P2019-ND-192

Tacony Corporation

On March 12, 2019, the Organization confirmed that code inserted into its online store, www.amazingdesigns.com, was capable of capturing customer payment card information entered between June 7, 2018 and February 4, 2019. The code was removed.
P2019-ND-191

Emco Corporation

On February 27, 2019, the email account of an employee was accessed by an unauthorized individual. The employee’s password was changed (by the employee) on February 28, 2019 and the account was not re-accessed by any unauthorized individual thereafter. The Organization has no knowledge of any of the employee’s emails having been accessed and it is not clear whether the unauthorized individual did anything in the account. On March 19, 2019, the email account of …
P2019-ND-190

Cervus Equipment Corporation

On February 8, 2019, the Organization was alerted to a potential unauthorized breach of an employee’s email account. An unidentified third party enabled an email forwarding rule, which enabled incoming mail to be surreptitiously forwarded to the unauthorized party’s email account between the period of November 12, 2018 – February 8, 2019. A portion of the emails that are believed to have been forwarded contained personal information belonging to a number of current and former …
P2019-ND-189

Haws Corporation

On March 1, the Organization experienced a ransomware attack. The breach was discovered the same day when employees were unable to access their systems. The Organization immediately engaged computer experts to determine what the impact was to the system and to negotiate with the threat actor. A forensic investigation was completed on or about March 26, 2019, but was unable to conclude whether sensitive personal information was accessed by the threat actor.
P2019-ND-188

Teck Resources Limited

On March 20, 2019, the Organization was advised by a job candidate that he was able to access not only his online profile but also an internal document which included recruiter notes from his own interview as well as interview notes for others. The incident occurred sometime between February 20, 2019 and March 20, 2019. The breach was due to human error. A recruiter scanned six sets of interview notes and a resume, saved them …
P2019-ND-187

Microsoft Corporation

On March 30, 2019, the Organization received an external report about a person online selling access to the Organization’s consumer Outlook.com email accounts. The Organization investigated and confirmed that the seller was providing valid credentialed access to an internal support tool. The credentials were from a call centre support supervisor who worked for the Moroccan office of a company providing customer support services to the Organization. The supervisor had, against policy, given credentialed access directly …
P2019-ND-186

Servus Credit Union Ltd.

On August 1, 2019, an unauthorized individual was able to successfully access a member’s account. The incident occurred when online banking access was granted over the phone via poor authentication practice by an agent of the Organization, contrary to posted policy. The incident was discovered on August 2, 2019 when the unauthorized individual contacted the Organization again and spoke to a different agent who refused access, cancelled online banking, and contacted Corporate Security. The breach …
P2019-ND-185

Trusted Tours & Attractions, LLC

On June 25, 2019, the Organization investigated after being alerted to potential fraudulent activity occurring on payment cards that were used on its website, trustedtours.com. The investigation found that an unauthorized person added unauthorized code on the website so that payment card information entered by purchasers was copied and sent to an external location. The unauthorized code was present and active on the site between March 24, 2019 and June 27, 2019.
P2019-ND-184

Dawn Food Products (Canada) Ltd.

In or around September 2018, an outside individual sent emails to a few of the Organization’s employees soliciting their login information to the Organization’s email system. The individual appears to have been able to use the login information to gain unauthorized access to the employees’ mailboxes. On approximately April 5, 2019, the Organization determined that these mailboxes contained certain information about a limited number of employees, customers and other individuals, and investigated further to confirm …
P2019-ND-183

Fossil Group, Inc.

The Organization reported it believes an unauthorized third party placed malicious code on its Misfit.com website, enabling an unauthorized party to obtain certain information pertaining to website users. The Organization reported the breach occurred on May 14, 2019. It was discovered on June 18, 2019 by a security researcher who alerted the Organization that an unauthorized third party may have obtained certain information pertaining to website users.
P2019-ND-182

Children’s Wish Foundation of Canada

On May 6, 2019, an HR employee clicked a malicious link included in an email asking her to modify her Office365 password. The employee immediately alerted the Organization’s IT department and changed her password. No abnormal activity was detected by the IT department until May 23, when it noticed the existence of an unauthorized log from Bulgaria dated May 1 and from Turkey dated May 3. The Organization investigated, contacted Microsoft and retained a forensic …
P2019-ND-181

Zynga Game Ireland Limited

On September 2, 2019, the Organization discovered that certain player account information may have been illegally accessed by outside hackers on or about August 31, 2019. The games, group of games, and data sources affected were: Draw Something (formerly OMGPOP); Poker; Games with Friends; and one additional table that is not tied to a particular game. The Organization does not believe that any financial information was accessed.
P2019-ND-180

Liberty Law

The Organization was acting as legal counsel in disciplinary hearings before a Professional College (College). On October 9, 2019, a lawyer with the Organization printed several hundred pages of records containing personal health information related to the disciplinary hearings. Due to a printing problem, a number of these documents were discarded in the Organization’s recycle bin, instead of the secure shredding box. On October 10, 2019, the Organization was advised by the College that an …
P2019-ND-179

Discovery Communications, LLC

The Organization uses a cloud-based platform to store and exchange certain corporate information. On March 9, 2019, it learned from a third party that certain folders stored in the platform had been shared by staff with external business partners in such a way that the folders and the files within the folders could potentially be accessed by other parties. The next morning, the Organization reconfigured the access settings to these folders to remediate the issue. …
P2019-ND-178

Zero Technologies, LLC d/b/a Zero Water

The Organization received a report of unusual card activity from its credit card processor. The Organization investigated, and determined that a vulnerability existed on its website that would permit access to certain customer payment card information if the vulnerability was exploited. On or around May 24, 2019, the investigation determined that there was evidence that the vulnerability was exploited and that there was unauthorized access to payment card information.
P2019-ND-177

The Great-West Life Assurance Company

On March 27, 2019, due to an administrative error, a group plan member received a mailed letter addressed to him, which also contained a copy of a letter intended for a different member. The unintended recipient and the affected individual are co-workers who are members of the same group plan. The letter received by the unintended recipient contained information regarding the affected individual’s application for short term disability benefits. The breach was discovered on April …
P2019-ND-176

Conde Nast

Between April 14, 2019, and April 17, 2019, an unauthorized person(s) gained access to certain systems of the third-party vendor that maintains and operates certain subscription pages for the Organization and was able to modify certain subscription pages to acquire transaction information. The Organization first learned of a potential incident on April 17, 2019, when a third-party provider of advertising services informed it that there was a policy violation/malvertising on a subscription page. The vulnerabilities …
P2019-ND-175

A.T. Cross Company

In May 2019, the Organization received reports from certain customers that the checkout page of its website was behaving abnormally. On or around June 3, 2019, an investigation confirmed that information provided for purchases on the website between May 9 and May 14, 2019 was potentially subject to unauthorized acquisition.
P2019-ND-174

Servus Credit Union Ltd.

On June 18, 2019, an impersonator was able to successfully access a member’s account by successfully answering authentication questions from two (2) different call centre agents. The breach was discovered the same day when the actual member contacted the Organization regarding an unauthorized e-transfer and spoke to the call centre agent who had just reset online access for the impersonator.
P2019-ND-173

EMC Business Solutions LLP

On February 23, 2019, the Organization learned that it was the victim of a malware attack on its ecommerce website. An investigation determined that a keylogger was installed from January 10 to February 23, 2019. During this period, the keylogger had the ability to capture all keystrokes entered by individuals completing a transaction on the website. The incident was discovered on February 21, 2019, when the Organization’s IT discovered evidence of a malicious URL. The …
P2019-ND-172

HP Restaurant Group

On or about April 5, 2019, the Organization was notified of suspicious activity regarding its online payment processing platform. On or about April 29, 2019, an investigation determined it was possible that customer credit and debit card information for transactions that occurred on the Organization’s ecommerce gift card website since 2011 may have been subject to unauthorized access and/or acquisition.
P2019-ND-171

American Rental Association

On March 19, 2019, the Organization discovered that between the period of June 14, 2018 and March 19, 2019, malicious code was present on its website that scraped certain personal information from the site. The breach was discovered when an outside source reported an irregularity to the Organization.
P2019-ND-170

National Wildlife Federation

On or about April 25, 2019, the Organization identified signs that a back-end database hosted by a third-party vendor that contained customer information was accessed without authorization. The Organization’s investigation found the back-end database was accessed on or around January 3, 2019. The database involved was used to maintain customer information to assist with processing of payments and fulfilment of customer orders.
P2019-ND-169

Premiere Suites

On or around May 30, 2019, one of the Organization’s laptop computers was stolen. Despite company policy to the contrary, credit card information was stored on the hard drive. As a result, the data contained on the hard drive might have been accessible to the public. The incident was reported on May 31, 2019, and the account was frozen early in the morning of Saturday, June 1.
P2019-ND-168

T3 Micro, Inc.

On or about March 14, 2019, the Organization began investigating suspicious activity occurring on its online ecommerce website. On May 03, 2019, the investigation determined that the Organization was the victim of a cyber-attack that may have resulted in a compromise to some of its customers’ credit and debit cards used to make purchases on its ecommerce website between July 13, 2018 and March 17, 2019.
P2019-ND-167

eHarmony, Inc.

On May 21, 2019 an analyst with the Organization was monitoring social media and found a YouTube video that had been uploaded by an unknown third party and which displayed a list of the Organization’s accounts. In the YouTube video, the third party is seen to be advertising a software tool that is used to test lists of user account credentials, in order to identify accounts susceptible to being compromised. The Organization commenced an internal …
P2019-ND-166

Canadian Tire Corporation

The Organization reported that a threat actor used credentials compromised in previous breaches from unrelated third party companies to gain access to accounts of users who use the same credentials with the Organization. The breach occurred between May 17 – 27, 2019, and was discovered on May 17, 2019 when IT Security identified unusual activity occurring on the Organization’s authentication API.
P2019-ND-165

Stuart Olson Inc., and its subsidiary Canem Systems Ltd.

On March 10, 2019, the Organization experienced an encrypted ransomware attack that affected access to a majority of the Organization’s IT systems and internal servers. The attacker demanded payment of a ransom in exchange for restored access to these systems. The incident was discovered the same day by staff investigating a help desk ticket related to email performance. The Organization’s investigation has not found any evidence to indicate there was any exfiltration of personal information, …
P2019-ND-164

Amsterdam Printing & Litho

On February 13, 2019, the Organization detected a possible security incident involving its website. On April 16, 2019, the investigation determined that payment card information for customers who used its website between February 1 and 13, 2019 may have been acquired without authorization.
P2019-ND-163

The Guarantee Company of North America

The Organization learned that on February 27, 2019, one of its employee email accounts was accessed by an unauthorized individual and used to send phishing emails from the account. The incident affected one email account, which was accessed for approximately five hours on February 27, 2019. No other employee accounts were affected. The cause of the incident was determined to be a phishing email that had been sent to the employee from a known and …
P2019-ND-162

IPC Investment Corporation

On May 2, 2019, an unauthorized sender caused a “phishing” email to be sent to email addresses from an Advisor’s contact list. The phishing email was written to trick recipients into providing payment in the form of Google Play cards. Responses were redirected to an alternate email and the owner of the account is not known. Some individuals who received the communication identified it as a phishing attempt and notified the Advisor’s office the same …
P2019-ND-161

Industrial Alliance Insurance and Financial Services Inc.

An employee of an agency of the Organization was the victim of a phishing incident in the fall of 2018. All the victims of this first incident resided in Quebec. After resetting his password, the employee inadvertently used his old password that had been the subject of the phishing incident. The hacker was again able to take control of the mailbox and had the opportunity to access all the emails in the employee’s mailbox and …
P2019-ND-160

Midnight Integrated Financial, Inc.

In early February 2019, an employee’s email account was compromised as a result of a phishing email. On March 1, 2019, the Organization’s external IT service provider emailed administration credentials to the employee that were then used by the unauthorized user on March 5, 2019 to delegate the inboxes of six (6) additional staff to the employee. The employee identified the issue and reported it to the Organization’s IT personnel. The inbox delegations were removed …
P2019-ND-159

RWH Travel Limited

On February 14, 2019, the Organization identified a security misconfiguration of an online portal used for internal administrative purposes. This resulted in some customer data potentially being accessible through online search engines when using specific search terms. The Organization estimates that the earliest date from which some elements of the data was unsecured was February 1, 2016. The data was secured on February 15, 2019. The Organization reported that log information indicates the data …
P2019-ND-158

The Living Desert

On February 4, 2019, a computer forensics firm hired by the Organization reported that a limited number of the Organization’s employee email accounts may have been accessed without authorization, and certain accounts may have contained personal information. On February 13, 2019, the Organization engaged a document review vendor to search the contents of those email accounts for personal information. On March 6, 2019, the Organization learned that information of seventeen Canadians (including 4 Albertans) was …
P2019-ND-157

SGI Canada, as reported by S.J. Kernaghan Adjusters Ltd.

On April 9, 2019, an employee’s vehicle was broken into and a briefcase was stolen from the trunk. The briefcase had an insurance claim file inside with personal information of the insured.
P2019-ND-156

Trackside Physical Therapy

On July 2, 2019, the Organization discovered that a power surge damaged the clinic’s hard drive which contained client personal information. The back-up in place was not sufficient to recover the data. On July 3, 2019, the Organization took the hard drive to a local data recovery lab. The lab indicated that the unit was damaged, preventing normal operation of the device but suggested recovery might be possible, but the hard drive had to be …
P2019-ND-155

Financeit Canada

On August 26 and 27, 2019, an unauthorized third party accessed the Organization’s systems. The Organization investigated and determined a hacker logged into a merchant account on the Organization’s platform using valid login credentials. The hacker was able to exploit a vulnerability allowing them to gain access to personal information relating to loan applications for other merchants. The hacker did this by creating a script to export the personal information from the platform through a …
P2019-ND-154

LinkedIn Ireland

In 2012, the Organization experienced an incident involving unauthorized access to and disclosure of some members’ passwords. At the time, the Organization believed that the hashed passwords of 15 million accounts may have been compromised. On May 18, 2016, the Organization became aware of the release of an additional set of data comprised of email addresses, member IDs, and hashed password combinations of more than 100 million members, which appeared to have been obtained from …
P2019-ND-153

Leduc Beaumont Family Physicians Group NPC

On June 7, 2017, an employee of the Organization emailed a memo to member physicians and their clinic managers (who are not the Organization’s employees) regarding a program change. The employee created the memo using a template. However, the employee did not realize that the template included several pages, and these other pages included the information about Organization staff salary increases. The incident was discovered when a recipient of the email notified the employee who …
P2019-ND-152

National Capital Poison Center

On October 21, 2017, the Organization discovered it had experienced a ransomware infection. The Organization’s investigation determined that unauthorized access to a database server occurred on October 21, 2017, and unauthorized access to the data stored on that server cannot be ruled out. The possibly affected database contains information that may have been provided during the Organization’s call centre calls.
P2019-ND-151

Primevest Equities Inc.

On July 28, 2017, the Organization was not able to access its file server. Later the same day, the Organization received an email saying that hackers had copied the Organization’s data and were demanding a ransom or the information would be released. The Organization disconnected the compromised server and contacted law enforcement. The file server contained mostly templates but did not contain client or employee data. The Organization reported “The concern would be if they …
P2019-ND-150

Mercedes-Benz Financial Services Canada Corporation

On or about December 18, 2017, it was determined that a box containing paper copies of credit applications and customer contracts had gone missing during shipping to another company. The Organization investigated, but was unable to locate the box.
P2019-ND-149

Loblaw Companies Ltd.

The Organization launched a new loyalty program on February 1, 2018. After the launch, the Organization identified suspicious spikes in traffic. The first attack noted was on February 14, 2018, followed by attacks on other ecommerce websites in March 2018 (PC Optimum, Joe Fresh and Digital Pharmacy). The Organization investigated, and determined the PC Optimum website was targeted by automated bots in an attempt to authenticate members’ login credentials (i.e. email address and password) and …
P2019-ND-148

Grant Thornton Limited

On or about December 4, 2017, an employee of the Organization printed counselling documents prior to a session with clients. When collecting the documents from the printer, the employee inadvertently picked up additional pages containing the personal information of two other individuals, and stapled these additional pages together with the counselling documents and provided them to the clients. The two documents, comprising three pieces of paper, included the personal information at issue. The clients who …
P2019-ND-147

KARO Dental Care

The Organization rents a storage locker to store inactive patient files and archived accounting records. Between March 5-6, 2018, “The locker was broken in to and some of the records were stolen. One 4 drawer filing cabinet full along with 10 – 15 banker boxes, both full of archived records. The exact volume is difficult to determine.” The incident was discovered on March 6, 2018.
P2019-ND-146

Tina Cowan, Counseling Services, Registered Provisional Psychologist, Alberta

On November 29, 2017, the Organization found that a briefcase and cellphone had been stolen from a shared office space. The stolen briefcase contained 5 paper-based client files (for 8 individuals), a binder containing paper-based supervision notes (for 53 individuals), and a paper-based notebook that contained contact information and hourly rate session fee (for 74 clients). The cell phone did not have any access controls.
P2019-ND-145

North American Title Company

On May 5, 2017, the Organization’s chief security officer received a spam email from another employee’s email. The Organization investigated and determined that a phishing incident occurred and that there was potential unauthorized access to information contained within an employee’s emails. The unauthorized third party may have had access to the employee’s email account from February 9, 2017 to February 15, 2017 and used the account to send spam emails. Although the Organization did not …
P2019-ND-144

Calder Bateman Communications Ltd.

The Organization runs all aspects of the Caritas Dream life Lottery on behalf of the Covenant Foundation. On June 1, 2017, the Organization’s service provider, Pixel Army, discovered malware affected its system performance. The incident appears to be related to an earlier breach for which certain vulnerabilities remained undetected and unaddressed. The vulnerability affected transactions conducted through the Organization’s website between February 9 and 22, 2017. The Organization and its service provider took steps to …
P2019-ND-143

Calder Bateman Communications Ltd.

The Organization runs all aspects of the Full House Lottery on behalf of hospital foundations. On May 2, 2017, the Organization’s service provider discovered that system performance was affected by malware. This new incident related to an earlier incident, for which certain vulnerabilities remained undetected and therefore unaddressed. The vulnerability affected transactions conducted through the Organization’s website between February 23 and May 2, 2017. The Organization suspended all transactions, and worked with a cybersecurity company …
P2019-ND-142

Calder Bateman Communications Ltd.

The Organization runs all aspects of the Full House Lottery on behalf of hospital foundations. On February 22, 2017, the Organization’s service provider, Pixel Army, discovered that an unauthorized party remotely accessed its website on February 9, 2017 and installed malware aimed at capturing the personal information of individuals using the Organization’s website. The Organization contracted a cybersecurity firm to investigate the incident in cooperation with the service provider that was maintaining the website. The …
P2019-ND-141

Community Options: A Society for Children and Families

On November 1, 2018, a car belonging to one of the Organization’s teachers was broken into and a file case was taken. The breach was discovered the same day.
P2019-ND-140

The Children’s Cottage Society of Calgary

On February 5, 2019, a (now former) employee of the Organization emailed the information at issue to her personal email address. The employee had authorized access to the information during her employment. The incident was discovered on February 13, 2019, when another employee was reviewing the former employee’s emails and found confidential information had been sent to the former employee’s personal email address.
P2019-ND-139

AeroGrow International, Inc.

On March 4, 2019, the Organization learned that an unauthorized person may have acquired, through the use of malicious code, the payment card information that users entered into the e-commerce vendor’s payment page. It is believed the code was present on the website from October 29, 2018 through March 04, 2019. The incident was discovered on March 4, 2019, upon a review of payment card handling practices.
P2019-ND-138

University of Mary

On January 30, 2019, the Organization concluded an investigation concerning suspected unauthorized access to an employee’s email account. The Organization reported the breach occurred on August 15, 2018 and ended on August 20, 2018, when steps were taken to secure the account. The Organization conducted a preliminary investigation at the time, but was unable to determine which emails or attachments may have been viewed in the account. The Organization recently began a new investigation with …
P2019-ND-137

TransCanada Credit Union Ltd.

A former employee, without authorization, electronically transferred funds from lines of credit, loans and/or members’ savings accounts to external bank accounts controlled by the employee and/or the employee’s family members. In addition to unauthorized access and use of personal information on the Organization’s information technology systems, four physical files relating to four individual members affected by the scheme cannot be located and are suspected to have been taken or destroyed by the employee. The breach …
P2019-ND-136

TGS Canada Corp.

On February 26, 2019, the Organization was advised by one of its vendors of a security incident and that some of the vendor’s data may have been stolen. On February 28, 2019, the vendor confirmed to the Organization that a former employee had stolen certain data from the vendor’s computer network. It remained unknown to the Organization at that time whether the Organization’s data was among the data stolen by the former employee. On March …
P2019-ND-135

CI Investments Inc.

Clients of the Organization are able to specify documents they wish to be able to access electronically through an online portal. On September 6, 2018, the Organization found that, as of November 21, 2017, the address update function for the online portal did not update the systems relied upon to send out client documents. As a result, clients who submitted an address update through the online portal on and after November 21, 2017 were sent tax …
P2019-ND-134

Kathmandu (U.K) Limited, Kathmandu Limited, and Kathmandu Pty Limited

On or about February 21, 2019, the Organization became aware that an unidentified third party gained unauthorized access to its website between January 8, 2019 and February 12, 2019. During this process, the third party may have captured customer personal information and payment details entered at check-out for potential fraudulent use.
P2019-ND-133

IQ Insurance Services, Inc.

On February 21, 2019, the information at issue was emailed to the wrong email address. The employee who sent the email discovered the error immediately after sending.
P2019-ND-132

Vecova Centre for Disability Services and Research

On January 12, 2019, between approximately 11:30 a.m. – 12:00 p.m., a laptop used by a physiotherapist was stolen from an office accessed through a classroom within the Organization’s Calgary premises. The laptop contained the files for three program participants. The files were stored on the desktop of the laptop which was not encrypted. The laptop also contained information on an encrypted server/drive relating to an additional 85 participants and their parents/guardians. The incident was …
P2019-ND-131

The Manufacturers Life Insurance Company

On November 14, 2018, a paramedical examiner’s vehicle in Calgary was broken into and some personal items were stolen along with paramedical work orders. The Organization was notified of the breach on December 12, 2018 by its third party vendor.
P2019-ND-130

Alberta Medical Association

On November 22, 2017, the Organization’s Calgary office was broken into and a number of items were stolen, including 17 laptop computers and a notebook containing some work-related information. Three of the laptops were not encrypted, but only one had personal information stored on it (first name and last name, zone the individual worked in, and business email address). A paper document was posted by a desk and listed personal contact information for a number …
P2019-ND-129

Solara Condominium Corporation

An Executive member of the Organization’s board was provided with a USB drive which contained confidential owner information. On April 17, 2018, the Organization discovered that when the member ceased to hold the role on the Board, the USB stick was not returned. The Organization reported that the loss was discovered when “…the former Executive member’s husband sent an email to the current Board confirming [the former member] still possessed the USB drive which contained information …
P2019-ND-128

Equifax

On July 29, 2017, the Organization’s security team observed suspicious network traffic relating to its Online Dispute web application. The security team immediately blocked a range of IP addresses believed to be associated with the suspicious traffic and investigated. On July 30, 2017, the Organization identified additional suspicious traffic and took the web application offline. The incident occurred between May 13, 2017 and July 30, 2017.
P2019-ND-127

Luxury Hotels International of Canada, ULC, a wholly owned subsidiary of Marriott International, Inc., the primary operating company for Canadian hotels.

On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. In its report of the incident, the Organization said “Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.” In its …
P2019-ND-126

Calgary Science Centre Society

On November 6, 2018, an employee of the Organization logged in to their email account from a remote location using an apparently insecure public WIFI hotspot. The employee’s log-in information (username and password) was intercepted by an unauthorized third party. The user’s log-in credentials were subsequently used on more than one occasion by the unauthorized third party to gain access to and manipulate the user’s email address and file folder systems, including requesting a change …
P2019-ND-125

GS1 US, Inc.

On October 1, 2018, an internal investigation revealed suspected malicious code on the Organization’s systems. The suspected malicious code may have had the ability to access and acquire information as it was entered onto the payment transaction form used by the Organization’s online store. The potential incident occurred between approximately July 7, 2017 and October 2, 2018. The Organization cannot confirm that any individual customer’s information was in fact involved in the potential incident.
P2019-ND-124

Alberta College and Association of Opticians

On December 18, 2018, the Organization’s server and system were hacked and infected with ransomware. The breach was discovered the same day.
P2019-ND-123

ATB Financial

On December 12, 2018, a team member’s home was broken into and a work laptop bag was stolen. The bag contained customer information, an Organization laptop, and some personal belongings. The laptop was encrypted and has a screen lock. The certificate for the laptop was revoked to prevent authentication or wireless connectivity to the Organization’s network. The breach was discovered the same day when the team member noticed that the items were missing.
P2019-ND-122

The Topps Company, Inc.

On December 26, 2018, the Organization became aware of possible unauthorized access to the www.topps.com website. On January 10, 2019, the Organization’s investigation confirmed that an unauthorized third party placed malicious code at the website, which may have resulted in access to or acquisition of payment card and other information that customers provided when placing orders through the website between November 19, 2018 and January 9, 2019.
P2019-ND-121

Longbow Capital Inc.

On September 11, 2018, an employee completed a fraudulent web-form based on an email which appeared to be from a trusted party. The information provided by the employee allowed a malicious actor to change the email account settings for that employee to activate forwarding of all incoming email. The incident was discovered on December 3, 2018, when an IT consultant identified the unauthorized forwarding email address during a routine review of spam reports.
P2019-ND-120

Proline Pipe Equipment Inc.

On December 6, 2018, a former employee’s Record of Employment was erroneously emailed to approximately 50 fellow employees. An employee of the Organization notified management the same day.
P2019-ND-119

Intuit Canada ULC

The Organization engaged a local accounting firm to prepare and mail out amended T4 statements. The mail-out took place on January 4, 2019. On January 10, 2019, the Organization learned that some of the amended T4 statements may have been sent to old mailing addresses. The concern was first identified by an employee who discovered that his amended statement was delivered to his old mailing address.
P2019-ND-118

1873349 Ontario, Inc.

The Organization received information from a third party indicating that common point of purchase data suggested a potential issue with its website, www.1800Flowers.ca. On October 30, 2018, the Organization’s investigation identified unauthorized access to payment card data from cards used to make purchases on the website from August 15, 2014 to September 15, 2018. The Organization reported the breach occurred June 1, 2016 and ended September 15, 2018.
P2019-ND-117

Kahane Law Office

The Organization reported that, on August 8, 2018, “An individual accessed metadata in a document that included personal addresses and financial information”. The incident was discovered November 14, 2018 when the individual who accessed the metadata contacted the affected individual directly.
P2019-ND-116

Repsol Oil & Gas Canada Inc.

On October 25, 2018 an unknown male gained access to the Organization’s Calgary office. The trespasser accessed the mailroom for approximately 2 hours, leaving with a number of envelopes and miscellaneous items. The incident was discovered the next morning and reported to law enforcement.
P2019-ND-115

500px Inc.

On February 8, 2019, the Organization became aware that someone was offering to sell the Organization’s user data on the dark web. A sample of user account data provided appeared to be genuine. That same day, the Organization’s engineering team confirmed a potential security issue affecting approximately 14.8 million 500px user accounts. Based on its investigation, the Organization believes that an unauthorized party gained access to its systems and acquired certain user data on approximately …
P2019-ND-114

ATB Financial Winfield Agency

On March 8, 2019 at approximately 3:30 am the Organization experienced a break-in and a safe was stolen. The information at issue was stored within the safe. The safe was recovered, but was empty. None of the safe’s contents have been recovered.
P2019-ND-113

Global Knowledge Network (Canada) Inc.

On or about February 20, 2019, an employee printed and mailed out T4A forms to course instructors for tax purposes. Each printed page included one individual’s T4A form on half of the document and the T4A form of another individual on the other half. Two copies of each printed page were mistakenly mailed to one of the individuals identified within the document. As a result, recipients may have received one or two copies of a …
P2019-ND-112

The Great-West Life Assurance Company

On September 11, 2018, due to an administrative error, a demand letter for overpayment of disability benefits under a group plan was mailed to the wrong address. The letter was mailed by registered mail and the Organization obtained the signature of the unintended recipient on the delivery confirmation. The breach was discovered on October 19, 2018, when, while verifying whether the demand letter was signed for to determine next steps, the staff noticed that the …
P2019-ND-111

Imperial Oil Limited

On December 21, 2018 a fitness for work form was emailed in error to an internal employee with the same last name as the intended recipient. The employee that the form was emailed to in error emailed the sender after hours December 21, 2018 advising that the email should not have come to her. The sender did not see the email until January 7, 2019 due to vacation. On January 7, 2019 when the sender …
P2019-ND-110

Best Buy Canada Ltd.

On or around December 22, 2018, the computer of an Alberta customer was sent to the Organization’s British Columbia Service Centre for a diagnosis repair. The technicians were unable to repair the computer and returned it to the Alberta store. The Organization reported that the hard drive of the computer was packed separately and placed in a box with the computer at the time of shipping (on or around January 10, 2019). The box was …
P2019-ND-109

The Helicopter Association of Canada

On September 18, 2018, an unidentified party gained access to an employee’s email account. The unidentified party applied a forwarding rule and copied the contents of the employee’s email account. The cause of the incident is a phishing email containing a malicious link that was received by the employee. The breach was discovered on October 11, 2018, when the employee sent an internal email to her assistant and received a bounce back message stating that …
P2019-ND-108

Crawford & Company (Canada) Inc.

On December 19, 2018, an informational email was sent to advise interested parties about upcoming workshops being offered in relation to a class action settlement for the Schools for the Deaf. Due to employee error, the recipient email addresses were inadvertently included in the “To” field of the email resulting in the email addresses being visible to recipients. The breach was discovered the same day.
P2019-ND-107

Midwest Surveys Inc.

On November 9, 2018, the Organization implemented a mail merge to send employees their options for their WSA registration. After starting the mail merge, the Organization immediately received some responses from employees indicating they received someone else’s information. The merge was cancelled and attempts were made to recall the emails; however, this was not successful.
P2019-ND-106

BEL USA LLC

On November 16, 2018, the Organization discovered that an unauthorized change had been made to its DiscountMugs.com website. The Organization investigated, and learned that unauthorized code was inserted into the shopping cart page designed to collect information customers entered on that page. On December 20, 2018, the investigation determined that orders placed by credit or debit cards between August 5, 2018 and November 16, 2018, may have been impacted by the unauthorized code.
P2019-ND-105

Welk Resort Group

On or around August 2, 2018, the Organization learned of unusual activity related to an employee email account and immediately began an investigation to confirm the security of its network and determine the nature and scope of this event. The Organization learned that an unauthorized actor(s) was able to gain access to the employee’s email account. Based upon available forensic evidence, the email account was subject to unauthorized access between July 24, 2018 and August …
P2019-ND-104

Data Facts, Inc.

On November 5, 2018, the Organization learned that an employee’s email account was accessed by an unknown party. That account contained personally identifiable information provided by clients for the purpose of conducting background checks. The Organization reported it has no evidence to suggest that private information was misused; however, “…the possibility that emails and/or attachments in the account were viewed by the unauthorized party could not be ruled out”. On December 7, 2018, the Organization’s …
P2019-ND-103

North 40 Outfitters

On or about November 8, 2018, the Organization identified suspicious activity regarding its online payment processing platform. On or about December 14, 2018, the Organization’s forensic investigation determined that customer credit and debit card information for transactions that occurred on its e-commerce website between February 2, 2018 and November 20, 2018 may have been subject to unauthorized access and/or acquisition.
P2019-ND-102

United Active Living Inc.

On February 26, 2019, a staff member was emailing information about rent breakdowns to residents/family members. The staff member inadvertently sent an email to two families that included attachments with information about other residents. The breach was discovered on February 27, 2019 when one of the recipients contacted the Organization.
P2019-ND-101

The Brenda Strafford Foundation Ltd.

On February 5, 2019, a ransomware virus was introduced into the Organization’s network. The virus encrypted the main hosts, VMs and Primary backup store. The virus was not detected and due to the nature of the virus, logs were also lost due to encryption. The breach was discovered the same day due to performance changes to systems and detection of ransomware encryption notes.
P2019-ND-100

The Empire Life Insurance Company

On January 29, 2019, the Organization sent a package containing 225 investment statements for 100 customers, via courier, to the office of a financial advisor. The package was left on the advisor’s doorstep as there was no tracking number or signature required.
P2019-ND-099

RGF Integrated Wealth Management Ltd.

On February 7, 2019, the Organization discovered that an Advisor’s online account credentials had been compromised, resulting in unauthorized access to their email account. As a result, phishing emails (which appeared to come from the Advisor) were sent to 8 Alberta residents. The emails included links which ultimately requested the recipient to enter their email credentials. The unauthorized user may have been able to access the contents of the Advisor’s email account. The email account …
P2019-ND-098

London Drugs Limited

On or around March 13, 2018, a customer notified the Organization that she found data on her hard drive belonging to another customer. The customer notified the other customer directly about the data disclosure. Both customers had brought their computers to the Organization for servicing. The Organization is investigating, but suspects that when the service technician copied the data over to the store’s encrypted hard drive for storage, he failed to subsequently clear data off the …
P2019-ND-097

C.L.C. Donald Wellness Group o/a Forward Psychology and Wellness Group

On or around November 23, 2018, a laptop computer and other items were stolen from a vehicle belonging to the owner of the organization. The laptop was password protected; there was no encryption or other security measures. An email account was accessible via the laptop and did not require a password in order to gain access. The email account contained communications with the information at issue. The Organization initially reported that it believed the thieves …
P2019-ND-096

Shafik Hirani’s Private Wealth Management Practice of Aligned Capital Partners

An employee left his cell phone at a sporting event the evening of December 9, 2018. Although client information was not saved on the cell phone, email communication between clients and the employee would have been retained for what the Organization believes to be a period of less than 2 weeks. The Organization used its email archiving system to analyze the content of all emails sent to and from the employee’s email address for that …
P2019-ND-095

Connect Society

On January 28, 2019, an emergency backpack with first aid kit and emergency information for preschoolers was accidentally left at the school playground. The teacher who left the backpack at the playground discovered it was missing the next day when she returned to the playground. She searched the area where she had left it and could not find it.
P2019-ND-094

Alberta Medical Association

Between February 4, 2019 and February 8, 2019, an employee was processing benefit cheques and corresponding benefit statements. Due to a duplexing error, some clients inadvertently received their own statement, as well as information related to another client. The incident was discovered on February 7, 2019, when a client emailed the Organization informing it of the error and requesting a new statement be issued. On February 8, 2019, another client left a voicemail message reporting …
P2019-ND-093

Entrust Disability Services, as reported by Box Clever

The Organization is a web design company. The Organization reported the following with respect to the website www.entrustdisabilityservices.ca: Issue #1: Directory Access Upon investigation of the issue, it was determined that between December 27, 2018 and January 11, 2019 a server misconfiguration allowed for directories on websites to be indexed. This created the potential for certain files to be accessed that should not have been. When this misconfiguration was discovered on January 11 it was …
P2019-ND-092

The Glencoe Club

On January 20, 2019, an employee took home rosters for children’s swimming lessons. The rosters were in a binder, the binder was in a bag, and the bag was left in the employee’s personal vehicle overnight. At some point over the course of the night the employee (and others) had their vehicle broken into and the bag was removed. The incident was discovered on January 21, 2019. The personal information has not been recovered.
P2019-ND-091

RSM Alberta LLP

On November 15, 2018, the Organization discovered that its Calgary office had been burglarized. The Organization investigated and determined that a hard drive was stolen during the burglary on or around November 11, 2018. The hard drive appears to have contained some electronic files relating to tax services the Organization provides to a handful of clients.
P2019-ND-090

Calgary French & International School

On January 28, 2019, the Organization mailed a T4 to a former employee. On January 30, 2019, the Organization received an email from the former employee stating that she had received, in a window envelope, what she believed to be her T4 for 2018. She reported that her Social Insurance Number (SIN) was visible to others because of the use of the window envelope. The former employee returned the envelope, unopened, to the Organization. The …
P2019-ND-089

Ascensia Diabetes Care Holdings AG

The Organization provides and operates an application for mobile devices to measure blood glucose level through a connected blood glucose meter. The application synchronizes data with the Organization’s servers in the cloud to allow customers to use their data with further mobile devices which are also synchronized with the servers. The Organization reported that “Penetration testing conducted on 16 October 2018 revealed a vulnerability as a consequence of which we cannot exclude that third parties …
P2019-ND-088

TeenSafe

For certain time periods between February 1, 2018 and May 19, 2018, personal information about users on the Organization’s application server was publicly accessible. Although the server was not generally known outside the Organization’s development team, the breach was identified by a reporter who was apparently looking for vulnerabilities in the Organization’s systems. The Organization was made aware of the issue on May 18, 2018. The Organization reported that it has no evidence that the …
P2019-ND-087

Bayer Inc. / Bayer AG

A SIRIUS file directory was created on May 4, 2018 by a service provider to the Organization. On June 11, 2018, the Organization was informed by a third party of a possible personal data breach with respect to the file directory, such that it was freely available on the internet. On June 12, 2018, the Organization notified the service provider of the breach, and access to the directory was closed. The directory logfiles showed two …
P2019-ND-086

Advantage Financial Services

On March 7, 2018, the Organization discovered that its offices had been broken into the previous night. The Organization determined that a number of items had been stolen, including a computer. The computer was password protected and the biometric facial reader was activated. There was a separate password to access the email application. The Organization stated it was highly unlikely that any personal information was stored locally on the computer and its internal investigation of …
P2019-ND-085

RevUp Group, LLC d/b/a RevUp Sports

On May 31, 2018, the Organization became aware that an unauthorized third party(ies) gained access to the Organization’s system and installed one or more files that may have collected personal information from customers who made credit card purchases via the Organization’s website. The Organization reported that it has not discovered any evidence indicating that the affected information was downloaded or exfiltrated from the Organization’s network, but the Organization has been unable to definitively rule out …
P2019-ND-084

WFG Dealer Connect, as reported by WFG Securities Inc.

On September 19, 2018, a trade document containing a client’s personal information along with redemption instructions was sent by fax from an advisor’s branch office in Alberta to the Organization. The document was intercepted at some point and the banking information initially provided was replaced and submitted directly to the fund company by fax for processing. This was an attempt to redirect funds to an unknown third party’s account with another bank. The breach was …
P2019-ND-083

Calgary French & International School

On November 20, 2018, a staff member accessed a report containing personal information on the Hour Zero’s school emergency program website. The Hour Zero program automatically sent an email to all staff notifying them that their personal information had been viewed. The incident was discovered on November 20, 2018 when the Organization’s Privacy Officer received an email alert from Hour Zero. The Hour Zero program has a pop-up that reads, “You are about to view …
P2019-ND-082

Tickets.Expert LLC

On September 26, 2018, the Organization was informed by its vendor that provides an add-on to websites (Shopper Approved), that the computer code Shopper Approved uses to facilitate customer reviews had been compromised. The vulnerability was patched and malicious code was immediately replaced, but there was a short period of time of potential exposure of personal information. The security problem was noticed by the vendor on September 15, 2018 and fixed on September 17, 2018. …
P2019-ND-081

Don Best Sports Corporation and DBS Canada Corporation, a subsidiary of Scientific Games Corporation

On December 21, 2018, during the course of conducting a cyber risk assessment of the Don Best network infrastructure prior to integrating that environment into the Organization’s network, the Organization discovered that, between October 12, 2018 and October 28, 2018, Don Best had been the subject of a malware attack that resulted in an unauthorized individual gaining access to a Don Best customer database. While the unauthorized user was able to view data, based on …
P2019-ND-080

The Japan Foundation – Toronto

On September 30, 2018, the Organization’s third-party website developer failed to save a portion of the back-end of the website as viewable by “admin only”, such that the page and a link were viewable by the public. At the time of the breach, there were 200 fake names included for the purpose of testing, but the list also included people who signed up for the test September 28, 2018. The Organization’s staff discovered the incident …
P2019-ND-079

Free Speech Systems, LLC

On November 13, 2018, the Organization discovered unauthorized code on its website. The unauthorized code was removed and an investigation was launched. An investigation determined that the unauthorized code was added by an unauthorized individual so that payment card information entered by purchasers on the e-commerce website was copied and sent to an unauthorized server. The code was added on November 12, 2018 and removed November 13, 2018.
P2019-ND-078

McKenzie Lake Community Association

On December 11, 2018, an employee took information for children in the Organization’s Before & After School program and transferred it from her company phone to her personal phone. The breach was discovered on January 9, 2019, when parents complained to the Organization as to why the employee was now sending emails from her personal email.
P2019-ND-077

The Canadian Kennel Club

On December 1, 2018, a former member of the Discipline Committee reported being able to access a discipline file following a search on the Organization’s public website. The Organization’s IT group determined that disciplinary, appeals and registration files could be accessed through the ‘search’ functionality on the public website. An investigation found that the breach occurred in June 2018 when the Organization implemented a new website and, due to human error, the accessibility settings were …
P2019-ND-076

Prudent Benefits Administration Services Inc.

The Organization is a third party administration firm and was creating portals for clients. During the process, the website was populated with the wrong certificate numbers which allowed some individuals to see personal information of a fellow union member. The incident occurred between December 27, 2018 and January 7, 2019. The incident was discovered on January 4, 2019 when a member contacted the Organization to report she accessed the portal and could see another person’s …
P2019-ND-075

Legal Aid Alberta

On September 27, 2018, a legal assistant with the Organization emailed documentation to the opposing party in a legal proceeding. Inadvertently, the email was also sent to another client who was not a party to the legal proceeding. Subsequent emails were sent using “reply all”, such that the unauthorized recipient continued to be copied on correspondence. On October 27, 2018, the unintended recipient contacted the lawyer on the file to ask that he not be …
P2019-ND-074

Kinsted Wealth

On January 23, 2019, a phishing email was sent to the Organization’s employees. One employee opened the email and, as a result, the attacker gained access to client information in that employee’s email contact file. The attacker then sent out phishing emails to a limited number of clients from the employee’s contact list.
P2019-ND-073

Kingdom Animalia d.b.a. Hourglass Cosmetics

After learning of a potential issue with its online e-commerce website, www.hourglasscosmetics.com, the Organization conducted an investigation. The investigation determined that, from approximately July 3, 2018 to January 30, 2019, unauthorized third parties had the ability to access information of customers who had made a purchase on the site.
P2019-ND-072

Rennline Automotive

The Organization operates the e-commerce store rennline.com. On January 18, 2019, the Organization discovered suspicious code on the website. An investigation determined that the unauthorized code was added by an unauthorized individual so that payment card information entered by purchasers on the e-commerce website was copied and sent to an unauthorized server. The code was active between May 28, 2018 and June 13, 2018, June 15, 2018 and July 12, 2018, July 20, 2018 and …
P2019-ND-071

Fearless Faith Inc.

On January 30, 2019, the Organization discovered that an unknown third party had obtained access to the Organization’s Drop Box account. The Organization investigated and determined that the unauthorized access may have begun on or about February 8, 2018.
P2019-ND-070

Nerval Corporation

On January 31, 2019, the Organization mailed out employee T4 slips. The program then emailed out a second set of emails to all employees, but included a co-worker’s T4. All T4s are secured with a password. The incident was discovered on February 1, 2019 when the Organization received an email from a former employee stating that they had received someone else’s T4.
P2019-ND-069

Advocate Sherman Hospital

In October 2018, the Organization received a letter from Bullhorn, Inc.’s Jobscience, one of the Organization’s former job application management and employee onboarding service providers, notifying the Organization of an incident. The Organization understands from Jobscience that on or around May 8, 2018, an unauthorized third party gained access to data contained on Jobscience’s server used to process employee application information and exfiltrated the database of one of Jobscience’s service applications. Jobscience learned about the …
P2019-ND-068

Midwest Surveys Inc.

On or about January 15, 2019 a staff member’s personal Gmail account was phished. The Organization reported the account “likely contained [the employee’s] work password, they planted a pdf on the individual’s work OneDrive that they then shared out to some clients and employees in the address book. The second, third and fourth person opened the shared file and entered their user and password, their account was considered compromised at that point”. The Organization reported …
P2019-ND-067

Servus Credit Union Ltd.

On January 27 and January 28, 2019, an unauthorized individual was able to successfully access two different member’s accounts. The breaches occurred as a result of poor authentication practice, contrary to the Organization’s policy. The breaches resulted in a financial loss. The breaches were discovered on January 28 and 29, 2019 respectively when the unauthorized individual contacted the Organization and was unable to successfully complete authentication.
P2019-ND-066

Servus Credit Union Ltd.

On December 20, 2018, the Organization was notified that an unauthorized individual was able to successfully access a member’s account and update information on the account. The breach occurred as a result of poor authentication practice, contrary to the Organization’s policy. The affected individual suffered a financial loss. The incident was discovered on December 21, 2018, when the Organization contacted the actual member to confirm an outgoing e-transfer.
P2019-ND-065

Preferred Hotel Group

On June 6, 2017, the Organization was notified by its third party reservation service provider, Sabre Hospitality Solutions, that an unauthorized party gained access to the SynXis Central Reservations system. The service provider’s investigation found that the unauthorized party first obtained access to unencrypted payment card and other reservation information on August 10, 2016. The last access was on March 9, 2017.
P2019-ND-064

The International Council of Shopping Centers

On August 18, 2017, the Organization received a report regarding payment card activity that caused it to investigate and subsequently identify unauthorized computer code that was added to the code that operates the checkout page of the website at www.icsc.org. The Organization initially reported that the code may have been present and capable of capturing information entered during the checkout process from March 24, 2017 to August 18, 2017. Additional findings from the investigation indicate …
P2019-ND-063

Quarry Wealth Management Ltd. / Raintree Financial Solutions

On July 4, 2016, the Organization realized an employee’s email account had been breached, resulting in a phishing email sent to email addresses in the employee’s Outlook contacts. In addition a rule was set up in the Outlook account, which redirected all incoming emails to the deleted items folder. The incident is believed to have resulted when the employee clicked on a phishing email on November 20, 2015. As a result, the Organization suspects the …
P2019-ND-062

Carecana Management Corp.

On December 22, 2016, an email intended for an investor, and enclosing a Statement of Account, was sent to the wrong email address. The incident was the result of an administrative error. The error was discovered on January 5, 2017, when the intended recipient’s representative contacted the Organization to ask about the Statement of Account.
P2019-ND-061

Mayfield Management Group Ltd.

A break-in occurred at the Organization’s office sometime between October 15, 2016 and October 17, 2016. The theft was discovered on October 17. Files containing personal information about residents were stolen.
P2019-ND-060

Vistara Conway, Registered Psychologist

Between September 26 and September 27, 2018, a vehicle was stolen from a residence, along with personal items and a client file lock-box (with a combination lock type). The portable lock box contained client files with the information at issue. On October 5, 2018, police retrieved the stolen vehicle, but the lock box and personal belongings were missing. On October 12, 2018, a member of the public emailed the Organization to report they had the …
P2019-ND-059

HSBC InvestDirect, a division of HSBC Securities (Canada) Inc.

On April 3, 2018, a client contacted the Organization to complain that his T4RSP and annual report had been sent to the wrong address. The Organization discovered the client’s mailing address had been updated incorrectly on March 28, 2017. The Organization requested that the unauthorized recipient return the documents to the Organization or shred them and confirm with the Organization when he/she did so. However, the Organization did not obtain said confirmation. The information has …
P2019-ND-058

Canon Medical Systems Canada Limited

On April 30, 2018, and May 1, 2018, two employees notified the Organization that they had received letters mailed to their home addresses. The letters appeared to be from the Ontario government, in connection with “Ontario’s pay transparency legislation 2017”, and included a spreadsheet listing other employees’ personal information and a column comparing certain employees’ pay relative to other employees with the same title. The Organization investigated and found no evidence of any external intrusion …
P2019-ND-057

ACTIVE Network

The Organization provides a platform to host online registration and payment services for athletic races and similar events. In October 2017, the Organization became aware of suspicious activity on one of its systems through social media activity, customer complaints and reports from the card brands. The Organization investigated and determined the suspicious activity related to transactions manually keyed in by users while checking out on the Organization’s website, and that an unauthorized third party may have …
P2019-ND-056

Sun Life Assurance Company of Canada

On May 29, 2018, due to an administrative error, a group plan member was able to access another group member’s personal information by logging into the Organization’s mobile app or the secure member website. A member reported the incident to the Organization. The error occurred when assigning the group benefits plan member identification number. The incident affected 45 members; of these, 7 members had accessed the secure site on May 29, 2018.
P2019-ND-055

Westlake Chemical Corporation (formerly Westlake Management Services, Inc.)

On May 29, 2018, the Organization’s benefits provider (Sun Life Financial) informed the Organization that, due to an administrative error, a group plan member was able to access another group member’s personal information by logging into the benefit provider’s mobile app or the secure member website. The incident was discovered on May 29, 2018 when a member reported the breach to the benefits provider.
P2019-ND-054

SMS Equipments Inc.

On March 11, 2019, an external job candidate, who had been referred by a current employee, attended pre-employment drug and alcohol testing for a safety sensitive position. The candidate was unsuccessful. The hiring manager was notified that the candidate was unsuccessful. The hiring manager then spoke to the employee who referred the candidate and told him “that his friend failed the drug test”. The incident was discovered when the hiring manager contacted the recruiter to …
P2019-ND-053

Acquis Consulting Group, LLC

On November 12, 2018, the Organization discovered a potential security incident. An investigation found that an employee email account had been accessed by an unauthorized actor. The Organization reported the incident occurred between “June 30-June 2, 2018 [sic]”. On November 12, 2018, the Organization learned that certain personal information was contained in the email account. On December 8, 2018, the Organization found that the personal information of Albertans was potentially involved.
P2019-ND-052

Last Callum Corp.

The Organization reported the incident as follows: “Home break in, purse stolen with a notebook inside that had payroll information”. The breach occurred on December 19, 2018 and was discovered the same day.
P2019-ND-051

GoldSilver, LLC

On November 20, 2018, the Organization was alerted to a potential security incident in which an attacker demanded an extortion payment or he would release certain customer information obtained from the Organization’s systems. The investigation determined that an unauthorized person obtained access to a database containing certain customer records between September 28, 2018 and November 20, 2018.
P2019-ND-050

Servus Credit Union Ltd.

On December 18, 2018, an unauthorized individual was able to successfully access a member’s account. The incident occurred when online banking access was granted over the phone via poor authentication practice by an agent of the Organization, contrary to posted policy. The affected individual suffered a financial loss. The incident was discovered on December 19, 2018, when the unauthorized individual contacted the Organization again and spoke to a different agent who refused access and contacted Corporate …
P2019-ND-049

Steele’s Transfer Ltd. and Steele’s Total Logistics Ltd. o/s Steele’s Transportation Group

On November 18, 2018, the Organization discovered that it was the victim of a ransomware attack. The Organization retained third party computer forensic experts to investigate and assist with decryption. The investigation found that the threat actor’s activities were limited to encrypting files and that there was no evidence that any files were accessed, viewed or exfiltrated, with one exception: the threat actors clicked on an existing shortcut on November 18, 2018, which linked to …
P2019-ND-048

Tapestry Music Ltd.

In early and mid-December 2018, the Organization was notified by a few of its customers that their information had been accessed. On December 17, 2018, the Organization’s IT Consultant confirmed that it had discovered backdoors on the Organization’s website, www.tapestrymusic.com. The threat actors first gained access on September 15, 2017 by attacking plugins, which allowed access to the website and customer database.
P2019-ND-047

Oakhampton Court Corporation CDC1

The Organization reported that, during a Board meeting, an employee’s salary, benefits, WCB and medical information was discussed as part of assessing the employee’s continued employment. An individual, who was a Board member at the time of the meeting, shared the employee’s information with previous Board members, as well as the employee. The Organization said it warned the individual not to discuss “classified” information outside of the Organization’s current Board members. The Organization reported the …
P2019-ND-046

Petrowest Corporation, Petrowest GP Ltd., Petrowest Civil Services LP, Petrowest Construction LP, Petrowest Transportation LP, Petrowest Services Rentals LP, Petrowest Environmental Services LP, Trans Carrier Ltd. and CJM Trucking Ltd.

On or about February 22, 2018, the Organizations noted their systems had been infected with ransomware essentially making them unavailable/inaccessible. Malicious actors had access to the Organizations’ IT systems and data for about eight hours. All systems were backed up but the backup servers were also infected and there were no current off line backups. The mail server was not infected. However, the Organizations’ mail database was hosted on a file server which was infected, …
P2019-ND-045

Legal Aid Alberta

On November 2, 2015, an employee who was acting as duty counsel at the Courthouse had his tablet stolen. The information at issue was stored on the tablet. The Organization does not have any records indicating whether the tablet was encrypted; however, it said the practice at the time would have been to encrypt mobiles and laptop devices and have a strong password. The employee believes the device had encryption software. The breach was discovered …
P2019-ND-044

TALX Corporation and Honeywell International Inc., as reported by TALX Corporation

TALX Corporation provides certain payroll related services to Honeywell International Inc. which allows Honeywell’s employees to access electronic copies of T4 and RL-1 tax forms through an online portal website. On February 8, 2017, TALX Corporation discovered that one or more persons reset the PINs and accessed the online portal accounts of a small number of current and former Honeywell employees. The resets were unauthorized, and the unauthorized person(s) may have accessed any of the …
P2019-ND-043

GlaxoSmithKline Inc., ViiV Healthcare ULC, ID Biomedical Corporation of Quebec, and GlaxoSmithKline Consumer Healthcare Inc.

In May and November 2016, an Excel spreadsheet was distributed via email for the purpose of “conducting performance rating calibration meetings with people managers”. A hidden tab/sheet was inadvertently included in the spreadsheet. As a result, the recipients of the emails inadvertently received the personal information of employees for whom they were not the intended recipients. The incident was discovered when two recipients of the email discovered the hidden tab/sheet and logged incident reports on …
P2019-ND-042

GlaxoSmithKline Inc., ViiV Healthcare ULC, and ID Biomedical Corporation of Quebec

In May and November 2016, an Excel spreadsheet was distributed via email for the purpose of “conducting performance rating calibration meetings with people managers”. A hidden tab/sheet that contained the information at issue was inadvertently included in the spreadsheet. As a result, the recipients of the emails inadvertently received the personal information of employees for whom they were not the intended recipients. The incident was discovered when two recipients of the email discovered the hidden …
P2019-ND-041

Franklin Templeton Investments Corp.

On February 19, 2016, the Organization inadvertently mailed tax slips to investors at invalid addresses. The addresses had been identified by the Organization as invalid where mailings had been returned because the investor had moved and failed to notify the Organization, or the investor had provided an inaccurate or incomplete address. The incident was discovered on August 22, 2016.
P2019-ND-040

Confederation Park Little League

On February 18, 2017, a former volunteer of the Organization sent an email to the Organization’s members informing them of a new baseball program (i.e. a new program that is a competitor to the Organization). The Organization had allowed volunteers to use their personal email addresses for their volunteer work. The former volunteer had a spreadsheet containing the information at issue, and used this to email the members about the new program. The former volunteer …
P2019-ND-039

Newegg Inc.

On September 18, 2018, the Organization became aware of a potential security incident involving unauthorized code on its website. Based on its investigation, the Organization believes an unauthorized party gained access to its network using malicious software and then used that access to place unauthorized code on the Organization’s website that handles customer transactions. The unauthorized code was designed to capture customer order information as it was entered, bypassing other technical controls in place to …
P2019-ND-038

Dufferin Construction Company, a division of CRH Canada Group Inc.

On September 26, 2018, an employee of the Organization was searching for internal policies when he noticed he was able to access an electronic folder titled “Human Resources” in the Organization’s shared drive. The employee immediately notified a Human Resources manager, who contacted IT. The proper accesses were restored the same day. The Organization believes that the permission settings on the folder were inadvertently altered on August 8, 2018 when a new Human Resource employee …
P2019-ND-037

Goodlife Fitness Centres Inc.

The Organization was testing a new membership database which would send membership contracts by email, and on March 1, 2018 the first live delivery of contra