Cyber Incident Victim: Qualinet

Early in the winter of 2024‑2025, Qualinet experienced a cyberattack that resulted in the theft of data from its systems. The company detected the breach and immediately activated its emergency response plan. A team of security specialists was mobilized to investigate the scope of the incident. Through their efforts, Qualinet was able to restore its operational systems quickly. The investigation confirmed that certain data had been exfiltrated during the attack.

In accordance with Quebec’s Law 25, Qualinet began the process of notifying affected clients about the data theft. Roger Vigneault, director of operations, stated that the company had been victim of a data theft despite having advanced security precautions in place. He emphasized that the disclosure was made in the interest of transparency and that Qualinet would continue to take all necessary protective measures. Éric Pichette, president of Qualinet, noted that many organizations treat cyberattacks as a taboo subject and explained his decision to go public to encourage broader awareness among business leaders. The case was handed over to the Service de police de la Ville de Québec for further investigation, and the Commission d’accès à l’information du Québec was also informed of the incident.

The theft of data triggered Qualinet’s legal obligations under Law 25, which requires organizations to implement governance rules for personal information and to inform individuals when their data is compromised. While the article does not specify the exact volume or type of data stolen, it confirms that some information was taken. Qualinet declined a request for an interview, limiting further public comment on the details of the breach. The incident aligns with a broader trend noted in a Canadian Internet Registration Authority survey from August 2024, which found that 44 percent of Canadian organizations reported having been victims of a cyberattack in the preceding twelve months.