Data Breach

Canada Life Data Breach April 2026 - What Was Exposed and What To Do

237,810 records exposed

The Canada Life data breach exposed 237,810 records including Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations, Support tickets. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.

What Happened

In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets. In their disclosure notice, Canada Life advised that "it is a small proportion of our customers who may have been impacted". In the wake of the incident, Canada Life also published an alert cautioning customers to be wary of phishing attacks, a pattern often seen after the public release of breached data.

Breach date
2026-04-20
Records affected
237,810
Verified
Yes
Domain
canadalife.com

What Was Exposed

The following data types were included in the breach:

  • Email addresses
  • Job titles
  • Names
  • Phone numbers
  • Physical addresses
  • Salutations
  • Support tickets

What You Should Do

If you had an account with Canada Life, take these steps immediately:

  1. Check if your account was affected at HaveIBeenPwned.com
  2. Watch for phishing emails that reference the breach or impersonate the affected company
  3. Be alert for social engineering attempts using your exposed personal information
  4. Enable two-factor authentication on the affected service if available
  5. Consider using a password manager to generate unique passwords for each service

FAQ

Was my data in the Canada Life breach?
Check HaveIBeenPwned.com to see if your email address was included in the Canada Life breach. The breach exposed 237,810 records containing Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations, Support tickets.
What should I do if my data was exposed in the Canada Life breach?
Change your password on the affected service immediately. Enable two-factor authentication. If financial data or government IDs were exposed, place a fraud alert with credit bureaus and monitor your accounts for unauthorized activity.
When did the Canada Life data breach happen?
The Canada Life breach occurred on 2026-04-20. It was added to the HaveIBeenPwned database on 2026-05-13. The breach affected 237,810 accounts.

Need Incident Response?

Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.

Get Incident Response Help