Data Breaches

Canadian Tire has confirmed that the personal information of some customers was impacted in a data breach. The retailer notes that it discovered a vulnerability in one of its e-commerce databases on October 2. The database stores data of those with online accounts with Canadian Tire, as well as the…

The California Privacy Protection Agency, the state’s main data privacy regulator, just announced its largest fine yet – a record-setting $1.35 million – against an employer that it found to have violated job applicant and consumer privacy rights. Today’s announcement marks the first-ever enforcement action involving job applicants, kicking off…

Key takeaways What’s happened? The Carney government has revived expansive cyber security rules under Bill C-8, which aims to strengthen the compliance requirements for federally regulated critical infrastructure sectors, including banking, transportation, energy, and telecommunications. Why does it matter? The cyber protection obligations for “designated operators” that carry out vital…

As of February 1, 2023, public bodies in British Columbia (B.C.) will be required to report privacy breaches and have privacy management programs. The two provisions are the last to come into force from amendments made to B.C.’s Freedom of Information and Protection of Privacy Act in November 2021. Mandatory breach reporting…

A post on a “well-known hacking community forum” claims almost half a billion WhatsApp records have been breached and are up for sale. The post, which multiple sources have confirmed is likely to be true, claims to be selling an up-to-date, 2022 database of 487 million mobile numbers used on…

You would have had to be living under a rock to have missed all the political turmoil in the U.K. over the past few weeks concerning the U.K. government’s “mini-budget.” In essence, even the staunchest government allies now accept it was a mistake to make changes to the U.K. tax…

This podcast series, intended for private sector companies doing business in Québec, dives into the requirements of Act 25 coming into force on September 22, 2022. Candice Hévin and Marie-Eve Jean, from our Privacy & Data Protection Group, lead the discussions on the changes to the private sector regime, namely the amendments to the…

Uber’s former security officer, Joe Sullivan, is standing trial this week in what is believed to be the first case of an executive facing criminal charges in relation to a data breach. The US district court in San Francisco will start hearing arguments on whether Sullivan, the former head of security at…

Arnprior Regional Health says a cyber attack compromising data dating back decades has taken place. The health network says they became aware of the hack on its IT system on Dec. 21, 2021. Information including names, dates of birth, contact information, health card numbers, recent hospital visits, and diagnoses. ARH…

Facebook’s parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches. The security lapses in question, which appear to have affected up to 30 million Facebook users, date back several years — and had been disclosed…