Cyber Incident Victim: MediaQMI Inc.

On September 2, 2017, Canoe.ca, a free news and entertainment portal operated by MediaQMI Inc. (previously owned by Sun Media Corp. until 2015), publicly disclosed a data breach affecting historical user databases. The compromised records spanned user activity from 1996 to 2008, with no evidence of unauthorized access to data collected after 2008. The breach exposed personal information of approximately one million Anglophone and Francophone users who had interacted with Canoe.ca during the twelve-year period. Compromised data fields included names, email addresses, mailing addresses, and telephone numbers provided through voluntary submissions for contests, forum participation, comment sections, or personal page hosting. Forensic analysis confirmed the absence of financial information such as credit card numbers or Canadian Social Insurance Numbers in the breached datasets.

Canoe.ca initiated an immediate investigation upon breach discovery on September 2nd, engaging external data security experts to remediate vulnerabilities and assess impact. The organization notified the Royal Canadian Mounted Police (RCMP), the federal Office of the Privacy Commissioner, and all relevant provincial privacy commissioners in compliance with Canadian breach disclosure requirements. Remediation efforts focused on securing legacy systems containing the historical data, though technical specifics regarding attacker methodology or intrusion timeline were not publicly disclosed. Impacted users received no confirmation of individual compromise beyond the general notification, with Canoe.ca establishing a dedicated phone line (1-833-370-2898) for inquiries. The breach exclusively affected data collected during Sun Media Corp.'s ownership period prior to the 2015 acquisition, with post-2008 operational systems remaining unaffected. Canoe.ca issued a formal apology acknowledging the incident's impact on user trust while emphasizing the historical nature of the compromised datasets.