• Home
  • cyber
  • Loblaw and Telus Digital: Canada Life breach exposes data of up to 70,000 people – mostly customers
cyber Breach

Loblaw and Telus Digital: Canada Life breach exposes data of up to 70,000 people – mostly customers

Apr 17, 2026 2 min read
Loblaw and Telus Digital: Canada Life breach exposes data of up to 70,000 people – mostly customers

Canada Life Cyber Incident Exposes Personal Data of Up to 70,000 Individuals

Canada Life has confirmed a cybersecurity incident involving unauthorized access to customer data through a compromised employee account. The breach, detected in recent weeks, exposed personal information including names, addresses, dates of birth, phone numbers, and account numbers for up to 70,000 individuals, primarily employees covered under a large corporate group benefits plan. Payment details and passwords were not compromised.

The attack was traced to the criminal group ShinyHunters, which gained access via a subcontractor’s account linked to Freedom Mobile’s platform. Canada Life has engaged third-party cybersecurity experts to investigate and has notified authorities. While the company stated the incident was contained and operations remain unaffected, affected individuals will be contacted directly and offered free credit monitoring.

The breach follows a pattern of recent cyber incidents in Canada, including a Loblaw breach exposing basic customer data (names, emails, and phone numbers) and a Telus Digital intrusion also attributed to ShinyHunters. Earlier in 2025, a phishing attack disclosed in August revealed a far larger compromise than initially reported, affecting 750,000 investors with sensitive financial data.

Canada Life emphasized its commitment to customer protection and is working to assess the full scope of the impact. The incident underscores the growing threat of cyberattacks targeting employee accounts and third-party vulnerabilities in corporate systems.

Source: https://www.hrreporter.com/focus-areas/compensation-and-benefits/canada-life-breach-exposes-data-of-up-to-70000-people-mostly-customers/394331

Loblaw Companies Limited cybersecurity rating report: https://www.rankiteo.com/company/loblaw-companies-limited

TELUS cybersecurity rating report: https://www.rankiteo.com/company/telus

"id": "LOBTEL1776782580",
"linkid": "loblaw-companies-limited, telus",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '70,000',
                        'industry': 'Insurance',
                        'location': 'Canada',
                        'name': 'Canada Life',
                        'type': 'Insurance/Financial Services'}],
 'attack_vector': 'Compromised employee account via third-party subcontractor',
 'customer_advisories': 'Affected individuals will be contacted directly and '
                        'offered free credit monitoring',
 'data_breach': {'number_of_records_exposed': '70,000',
                 'personally_identifiable_information': 'Names, addresses, '
                                                        'dates of birth, phone '
                                                        'numbers, account '
                                                        'numbers',
                 'sensitivity_of_data': 'High (PII)',
                 'type_of_data_compromised': 'Personal information (names, '
                                             'addresses, dates of birth, phone '
                                             'numbers, account numbers)'},
 'description': 'Canada Life has confirmed a cybersecurity incident involving '
                'unauthorized access to customer data through a compromised '
                'employee account. The breach exposed personal information '
                'including names, addresses, dates of birth, phone numbers, '
                'and account numbers for up to 70,000 individuals, primarily '
                'employees covered under a large corporate group benefits '
                'plan. Payment details and passwords were not compromised.',
 'impact': {'data_compromised': 'Personal information (names, addresses, dates '
                                'of birth, phone numbers, account numbers)',
            'identity_theft_risk': 'High (offered free credit monitoring)',
            'operational_impact': 'Operations remain unaffected',
            'payment_information_risk': 'None (payment details not '
                                        'compromised)'},
 'initial_access_broker': {'entry_point': 'Compromised subcontractor account '
                                          'linked to Freedom Mobile’s '
                                          'platform'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'root_causes': 'Third-party vulnerability '
                                           '(subcontractor account '
                                           'compromise)'},
 'references': [{'source': 'News Article'}],
 'response': {'communication_strategy': 'Affected individuals will be '
                                        'contacted directly and offered free '
                                        'credit monitoring',
              'containment_measures': 'Incident contained',
              'law_enforcement_notified': 'Yes',
              'third_party_assistance': 'Engaged third-party cybersecurity '
                                        'experts'},
 'threat_actor': 'ShinyHunters',
 'title': 'Canada Life Cyber Incident Exposes Personal Data of Up to 70,000 '
          'Individuals',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.