Canadian cybersecurity incidents, policy changes, breaches, and emerging threats from March 2025 to present. Curated by the CyberSafe team.
Special Report
From SecTor to NorthSec, GoSec to BSides -- your comprehensive guide to 25+ cybersecurity conferences, summits, and events happening across Canada in 2026.
Read Full GuideApril 8, 2026
Latest analysis reveals emerging extortion tactics and an unprecedented spike in ransomware attacks targeting critical infrastructure sectors.
Read ArticleApril 5, 2026
New report documents coordinated attacks on Canadian critical infrastructure through compromised supply chain partners, raising alarm among federal agencies.
Read ArticleApril 3, 2026
Comprehensive guide to PIPEDA compliance requirements for 2026, including new enforcement expectations and best practices for Canadian organizations.
Read ArticleApril 2, 2026
Analysis of the most common cloud security misconfigurations that continue to expose Canadian business data and infrastructure.
Read ArticleMarch 2026
Microsoft released security updates addressing 79 vulnerabilities including 2 publicly disclosed zero-day vulnerabilities under active exploitation.
Read ArticleMarch 2026
Qilin led with 104 victims. Healthcare saw a devastating rise from 40 to 93 victims, with hospitals forced to cancel surgeries.
Read ArticleMarch 2026
Medical technology company targeted by destructive wiper malware aimed at permanently destroying data rather than ransoming it.
March 22, 2026
Comprehensive guide to implementing Zero Trust architecture, with Canadian case studies and best practices for enterprise deployment.
Read ArticleMarch 15, 2026
Analysis of the rising threat of AI-powered attacks and how Canadian organizations can defend against sophisticated machine learning-based threats.
Read ArticleFebruary 15, 2026
Canada's largest investor data exposure compromised SINs and financial records after an August 2025 phishing attack.
Read ArticleFebruary 2026
ShinyHunters acquired over 600,000 customer records including personal information and partial payment data.
Read ArticleFebruary 2026
An Indian subcontractor accessed sensitive court transcripts with security-critical data, despite staff flagging risks months earlier.
Read ArticleDecember 2025
GOLD BLADE conducted ~40 intrusions with custom QWCrypt ransomware, with an unusually narrow focus on Canadian targets.
Read ArticleDecember 2025
New threat outlook warns ransomware remains top cybercrime threat to Canada, with AI making attacks cheaper and faster.
Read ArticleDecember 2025
1,284 guest checkout customers had personal details and payment card data exposed between Dec 29, 2025 and Jan 22, 2026.
Read ArticleOctober 2025
E-commerce breach across Canadian Tire, SportChek, Mark's, and Party City exposed 38-42M customer records.
Read ArticleOctober 2025
Breach from June 2025 disclosed in October. Names, birthdates, travel documents, and loyalty data of 1.2M passengers exposed.
Read ArticleAugust 2025
The phishing attack on CIRO that would eventually expose 750,000 investor records occurred in August 2025.
Read ArticleSeptember 2025
Third-party MFA provider 2Keys Corporation breached, affecting CRA, ESDC, and CBSA. Phishing SMS followed.
Read ArticleJuly 2025
New legislation requires critical infrastructure operators to implement mandatory cybersecurity programs and report incidents within 72 hours.
Read ArticleJune 2025
Vendor ransomware attack exposed home care patient data. Disclosure delayed by over two months, sparking political backlash.
Read ArticleMay 2025
Kingston school board breach exposed staff data dating back to 1998, plus current student and parent information.
Read ArticleApril 2025
Russia-linked threat actors breached the utility, stealing SINs, driver's licenses, bank details from 375,000 customers.
Read ArticleMarch 2025
"Securing Canada's Digital Future" adopts a whole-of-society approach with new certification programs for the defence sector.
Read ArticleMarch 2025
PLAY ransomware group shut down production at the historic New Brunswick manufacturer. Company refused to pay.
Read ArticleWith hundreds of breaches occurring monthly, proactive security is no longer optional. Let CyberSafe assess your defences before attackers do.
Request a Security AssessmentNovember 15, 2024
Major Canadian health authority targeted by ransomware, forcing urgent implementation of workarounds and emergency protocols across multiple facilities.
Read ArticleOctober 10, 2024
Ontario municipality hit by ransomware attack affecting public-facing services and digital infrastructure during critical operational periods.
Read ArticleOctober 25, 2024
Third-party app vulnerability on Shopify platform compromised personal and payment information of shoppers across Canadian e-commerce stores.
Read ArticleSeptember 15, 2024
Sophisticated phishing campaign targeting ATB Financial customers with credential harvesting techniques, affecting thousands of Albertans.
Read ArticleAugust 15, 2024
Ontario's government-run cannabis retailer impacted by breach exposing customer personal information and transaction history.
Read ArticleAugust 20, 2024
Major health organization Canadian Blood Services confirms data security incident affecting donor and patient information.
Read ArticleJuly 15, 2024
Major Canadian dental services provider confirms significant security breach exposing patient personal and health information nationally.
Read ArticleJune 10, 2024
Emerging ransomware operation Snatch focuses attacks on Canadian businesses, particularly in energy and manufacturing sectors.
Read ArticleJune 20, 2024
Professional regulation body for Ontario lawyers confirms breach affecting member information and confidential legal records.
Read ArticleMay 20, 2024
Ontario school system targeted by ransomware affecting thousands of students and staff, with sensitive educational records compromised.
Read ArticleApril 15, 2024
Canadian aerospace and defense manufacturer Bombardier confirms significant data security incident affecting employee and project information.
Read ArticleApril 28, 2024
Western Canada's largest independent retailer hit by significant cyberattack forcing extended store closures and operational shutdown.
Read ArticleMarch 15, 2024
Canada Revenue Agency warns of large-scale credential stuffing attacks targeting My Account portals, compromising taxpayer credentials.
Read ArticleFebruary 20, 2024
Royal Canadian Mounted Police confirm significant cyberattack affecting internal systems and operational networks nationwide.
Read ArticleFebruary 15, 2024
Canada's largest petroleum pipeline operator targeted by cyberattack, raising concerns about critical infrastructure vulnerability.
Read ArticleFebruary 25, 2024
Ontario city government hit by ransomware attack, disrupting public services and forcing IT infrastructure offline.
Read ArticleDecember 18, 2023
Major Canadian payment processing company targeted by cyberattack affecting merchant and customer payment data.
Read ArticleOctober 28, 2023
Canada's largest public library system hit by ransomware attack, forcing closure of locations and suspension of digital services.
Read ArticleJune 25, 2023
Petroleum company Petro-Canada hit by cyberattack affecting operations and customer information systems.
Read ArticleJune 15, 2023
Zero-day vulnerability in MOVEit Transfer file transfer software exploited worldwide, affecting hundreds of Canadian companies.
Read ArticleApril 15, 2023
Quebec's major electricity utility Hydro-Quebec confirms security breach affecting millions of customer personal information.
Read ArticleMarch 15, 2023
Canadian low-cost airline Flair Airlines hit by cyberattack exposing passenger personal information and travel records.
Read ArticleMarch 20, 2023
GTA airport authority hit by cybersecurity incident affecting passenger systems and operational infrastructure.
Read ArticleFebruary 15, 2023
Canada's largest bookstore chain Indigo targeted by ransomware attack affecting retail and online operations.
Read ArticleFebruary 20, 2023
Telus, Canada's largest telecom provider, confirms data security incident affecting millions of customers' personal information.
Read ArticleJanuary 15, 2023
Liquor Control Board of Ontario hit by cyberattack exposing customer personal and purchase information across the province.
Read ArticleJanuary 25, 2023
LastPass password manager security breach affecting thousands of Canadian businesses and individual users with stored credentials.
Read ArticleDecember 20, 2022
Toronto's Hospital for Sick Children hit by ransomware attack affecting patient care systems and forcing emergency protocols.
Read ArticleNovember 7, 2022
Sobeys, one of Canada's largest grocery retailers, hit by cyberattack affecting store operations and point-of-sale systems nationwide.
Read ArticleApril 18, 2022
Sunwing Airlines targeted by cyberattack, exposing passenger personal information and travel booking records across Canada.
Read Article