When the cyber incident was confirmed by our IT contractor on the morning of Friday, March 14, 2025, we immediately shut down the system and retained incident response services to assess and investigate the cyber incident. Forensic investigative steps and security monitoring have been and continue to be engaged.
We have been advised that the threat actor gained access to our servers and attempted to deploy ransomware into our system. Fortunately, the malicious access was shut down before the intended goal was achieved. However, the investigation team has been unable to confirm whether any records or information was exported or copied. As a result, we cannot rule out the possibility that some personal information may have been copied.
Since there was malicious access to our system which contains some of our current and previous clients and employees’ personal information (for example, full name and address, e-mail address, health and income documentation), we are providing notice of this potential privacy breach so that concerned persons can take whatever steps they feel are appropriate. To learn more about cyber fraud and cyber security, you can review the information posted by the Canadian Centre for Cyber Security at: www.cyber.gc.ca.
Please note that concerned persons have the right to retain independent legal counsel to obtain advice on the implications of the potential privacy breach.
Privacy is important to us. As a result, our firm is not only investigating the incident, but we have taken all necessary steps to restore our data from back ups and are now up and running with additional safeguards and cyber security monitoring in place.
As Manager of Operations, Colleen Burn is the partner directing our response to this incident. Should a concerned person have questions, or wish to discuss this further, please contact Colleen at 613-319-0626 or cburn@burntucker.com.