The following incidents are organized chronologically in descending order (most recent first), with brief descriptions. This list excludes healthcare-related incidents and focuses on events from 2024 to April 2025, drawn from verified reports.
2025 Incidents
- April 21, 2025 – Association of Canadian Travel Agencies and Travel Advisors (ACTA), Mississauga, Ontario – Unauthorized access compromised systems of this travel industry association, potentially exposing member and client data.
- April 2025 – Limestone District School Board, Kingston, Ontario – A cyber attack disrupted school operations and network services, affecting educational access for students and staff.
- February 25, 2025 – City of Fort St. John, Fort St. John, British Columbia – Municipal government systems were hit by a cyber attack, impacting public services like permitting and administration.
- February 13, 2025 – Town of Hinton, Hinton, Alberta – A cyber incident affected local government operations, with details on data exposure under investigation.
- February 7, 2025 – Rainbow Schools, Greater Sudbury, Ontario – School board faced a cyber attack, leading to temporary shutdowns and enhanced security measures for student data.
- January 9, 2025 – New Brunswick Liquor Corporation (ANBL), Fredericton, New Brunswick – State-owned alcohol retailer suffered a cyber attack, disrupting sales and inventory systems.
2024 Incidents
- December 2, 2024 – Pembina Trails School Division, Winnipeg, Manitoba – Cyber attack on this school administration halted operations and exposed educational records.
- October 17, 2024 – Conseil scolaire Viamonde, Toronto, Ontario – French-language school board experienced a cyber incident affecting administrative and student systems.
- October 2024 – Canadian Revenue Agency (CRA), Ottawa, Ontario – An internal error caused a massive data leak, exposing personal information of over 2 million taxpayers, including Social Insurance Numbers and tax details.
- July 2024 – Suncor Energy, Calgary, Alberta – Ransomware attack on this major energy company disrupted operations and risked exposing employee and contractor data, including intellectual property.
- May 2024 – Ticketmaster (Canada operations), Various locations – Part of a global breach affecting over 560 million users, including Canadians; exposed names, emails, phone numbers, and payment details.
- April 2024 – BC Libraries Cooperative, Vancouver, British Columbia – Cyber incident disrupted library networks, affecting public access to digital resources.
- March 2024 – Sobeys, Stellarton, Nova Scotia – Grocery chain data breach affected 500,000 customers, exposing payment and loyalty information.
- March 3, 2024 – Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Ottawa, Ontario – Cyber incident at the anti-money laundering agency risked financial intelligence data.
- March 2024 – AT&T (Canada customers affected), Various locations – Breach exposed data of 73 million customers, including Canadians’ Social Security numbers and account details.
Summary of Most Common Types of Attacks
Based on the compiled incidents from 2024–2025, excluding healthcare, the most prevalent attack types in Canada include:
- Unauthorized Access/Data Breaches (~50%) – Frequent in government and financial sectors (e.g., CRA, FINTRAC, ACTA), often due to internal errors or weak authentication, exposing personal and financial data (e.g., 2 million taxpayers’ data in CRA leak).
- Ransomware (~20%) – Targeted critical infrastructure (e.g., Suncor Energy) and retail (e.g., Sobeys), causing operational disruptions and data exposure.
- Cyber Incidents Disrupting Operations (~30%) – Affected educational and municipal systems (e.g., Pembina Trails, Conseil scolaire Viamonde, City of Fort St. John), often involving network shutdowns or data exposure risks.
These trends, drawn from the Cyber Centre’s insights and the listed reports, emphasize the need for robust patching, employee training, and multi-layered defenses to counter evolving threats. Canadians are encouraged to report suspicious activity to the Cyber Centre’s portal and stay informed via getcybersafe.gc.ca.
If you would like a complimentary security consultation, contact Bedrock IT at 613-702-5505, or email [email protected]. In the weeks ahead, we will have articles about how to deal with each type of security incident.
Ottawa, as the national capital, has many organizations for whom data security is essential. Don’t let your data or day-to-day work be interrupted by criminal cyber actors. Contact Bedrock IT today!