Canada's Biggest Cybersecurity Breaches of 2025

Cyber threats are no longer a distant concern—they’re happening here and now, affecting some of Canada’s most trusted brands and institutions. In 2025, several major breaches have shaken industries from healthcare to aviation. Here are five of the most significant incidents, and why they matter to business leaders.

1. WestJet Data Breach: 1.2 Million Customers Exposed

In June 2025, WestJet, Canada’s second-largest airline, suffered a massive cyberattack that compromised the personal data of 1.2 million passengers. Hackers accessed names, birthdates, passport numbers, and travel details, raising serious concerns about identity theft and phishing risks. The breach was attributed to a sophisticated criminal group using social engineering tactics. WestJet responded with law enforcement collaboration and offered victims two years of identity theft monitoring.

2. Canadian Tire Retail Breach: 150,000 Accounts Impacted

A breach in Canadian Tire’s e-commerce database exposed sensitive customer information across its brands—SportChek, Mark’s, Party City, and Canadian Tire itself. The compromised data included names, addresses, emails, and encrypted passwords, with some accounts revealing full birthdates. While no financial data was directly usable, the incident highlighted vulnerabilities in retail systems and the importance of robust data governance.

3. Nova Scotia Power Cyber Incident

In April 2025, Nova Scotia Power and its parent company Emera faced a cyberattack that disrupted IT systems across their energy infrastructure. While the full scope of the breach remains under investigation, the incident raised alarms about the fragility of Canada’s energy grid and the growing threat to critical infrastructure. Businesses reliant on stable utilities should take note of the ripple effects such attacks can cause.

4. Healthcare Under Siege: Ontario Hospitals Targeted

Canada’s healthcare sector continued to be a prime target in 2025. Pembroke Regional Hospital in Ontario was forced to cancel appointments and procedures due to a cybersecurity incident. This followed a broader trend of ransomware attacks on hospitals, including previous breaches at SickKids and Newfoundland’s health network. These events underscore the life-or-death stakes of cybersecurity in healthcare and the need for national coordination.

5. Colabor Group Attack Disrupts Food Supply Chain

In July 2025, Quebec-based food wholesaler Colabor Group was hit by a cyberattack that disrupted operations and threatened supply chains. The incident affected order processing and logistics, causing delays for retailers and restaurants across Eastern Canada. For business owners, this breach is a reminder of how cyber incidents can cascade through supply chains, impacting customer satisfaction and revenue.

Final Thoughts

These breaches are more than headlines—for CTECH, they’re wake-up calls. Whether you run a small business or lead a national enterprise, cybersecurity must be part of your strategic planning. From protecting customer data to ensuring operational continuity, the stakes have never been higher. Investing in proactive defenses, employee training, and incident response planning is no longer optional—it’s essential.

CTECH has comprehensive cybersecurity services that are designed to keep you protected. If you have any questions, please contact us. We are standing by.