Threat analysis, breach reports, and security guidance for Canadian businesses.
Major 2026 breaches affecting North America expose hundreds of millions of records across healthcare, education, financial, retail and telecommunications sectors. ShinyHunters emerges as prolific threat actor targeting cloud platforms and stealing credentials at scale.
Six major 2026 data breaches impacted millions of North Americans, including Canadian financial regulators and educators, U.S. healthcare systems, and global pharmaceutical suppliers. Attacks exploited phishing, third-party vendors, and social engineering to exfiltrate sensitive personal data ranging from medical records to investment details.
Six critical data breaches hit North America in 2026, spanning education, healthcare, and retail. Instructure's Canvas suffered the largest education-sector breach affecting 275 million users globally, while NYC Health and Hospitals exposed 1.8 million patients' data including biometrics.
Six significant data breaches in 2026 exposed millions of North American records across financial services, retail, education, and healthcare sectors. Credential theft via social engineering and voice phishing remained the primary attack vector.
Six major data breaches impacted North American organizations in 2026, ranging from educational platforms to retail and telecommunications. The attacks exploited social engineering, misconfigured systems, and third-party vulnerabilities affecting hundreds of millions of users and customers.
Six major 2026 data breaches targeted North Americans, exposing millions of personal and financial records across finance, technology, and retail sectors. Third-party vendor compromises and credential theft emerged as the dominant attack vectors across all incidents.
Six critical 2026 breaches spanning North America exposed millions of records through employee credential theft, ransomware, and third-party vulnerabilities. Canadian financial institutions and U.S. educational platforms faced significant incidents while global platforms like Canvas impacted institutions worldwide.
2026 saw major data breaches across North America with Canvas affecting Canadian universities, ADT and McGraw-Hill impacting millions of US customers, and global incidents at French government agencies. Supply-chain compromises and credential-based attacks emerged as dominant threat vectors.
In March 2026, HHS OCR settled a HIPAA investigation involving MMG Fusion, a dental software vendor whose 2020 breach a…
In September 2025, Ontario's Information and Privacy Commissioner issued the first administrative monetary penalty unde…
AssetMark financial data breach exposes Social Security numbers and financial accounts of 570,000 Americans. Delaware N…
This week saw major data breaches affecting millions, including Carnival Cruise Line's 6 million customer breach and on…
The ShinyHunters threat group escalated attacks this week targeting 275 million education records, 5.5 million ADT cust…
ShinyHunters breached Instructure's Canvas LMS affecting 275 million users at 8,809 institutions. Company paid ransom t…
BWH Hotels breach exposed guest emails and reservations for 6 months while Microsoft warns of massive credential theft …
US cybersecurity agency CISA exposed government credentials via GitHub while ShinyHunters targeted major platforms. Cri…
ShinyHunters breached Canvas LMS affecting 275 million users across 9,000 schools, while Medtronic and Cushman & Wakefi…
ShinyHunters' massive Instructure Canvas breach affects 9,000 North American schools and 275 million individuals, expos…
ShinyHunters targeted educational vendor Instructure, compromising Canvas systems used by 41% of North American schools…
Home security giant ADT confirmed threat actors stole personal data from 5.5 million customers, exposing names, address…
An analysis of 214 confirmed breach incidents affecting Canadian small and mid-size businesses in Q1 2026. Credential exposure remains the leading initial access vector.
Privileged client data, high-value transactions, and underfunded IT departments make legal practices disproportionately targeted by credential-based campaigns.
OSFI's B-10 guideline sets expectations for technology and cyber risk management. We break down what federally regulated financial institutions need to demonstrate.
Your risk score is a composite of 19 weighted signals. Here's what each band means, how severity is calculated, and what actions to prioritize at each level.
Research shows the median time from credential dump publication to first unauthorized access attempt is under 48 hours. What that means for your response timeline.
Under PIPEDA, organizations must report breaches that pose a real risk of significant harm. We outline the notification timeline, OPC reporting requirements, and documentation obligations.