Fair Vote Canada, the Canadian national citizens' campaign for proportional representation, suffered a data breach that came to public attention on March 2, 2024. The incident was caused by a well-meaning volunteer who had been granted temporary access to historical organizational data for a specific task and who inadvertently moved a 2020-era supporter dataset to an external website that lacked adequate security controls. The data remained exposed at the unauthorized location until Fair Vote Canada discovered the issue and acted to remove and delete the exposed records. The breach was indexed by Have I Been Pwned on October 21, 2024 and was reported in Canadian and international tech press shortly after.

The breach affected approximately 134,336 unique email addresses and the underlying supporter records associated with them. Compromised fields included names, email addresses, phone numbers, physical addresses, and, for some individuals, date and amount of donations made to Fair Vote Canada. No financial credentials or passwords were exposed. The dataset reflected supporter records as of 2020, meaning some individuals on the list may no longer have been active Fair Vote Canada supporters at the time of disclosure.

For affected supporters, the practical risk profile combines standard contact-data exposure with political-advocacy-specific concerns. The combination of name, address, phone number, and email address supports phishing and social-engineering campaigns. More distinctively, inclusion in the dataset confirms a Fair Vote Canada supporter relationship and, for donor-list individuals, confirms financial support for proportional-representation advocacy. This creates political-affiliation mapping risk, in which actors with political opposition to electoral reform could use the data to identify, profile, or target Fair Vote Canada supporters. Reported risks include targeted political harassment, doxxing, and influence-operation targeting of identified electoral-reform supporters. Affected individuals should remain alert to unsolicited contact referencing Fair Vote Canada or electoral-reform topics, monitor for unusual political messaging targeting their address or phone, and consider Have I Been Pwned exposure scans for any reused email or password combinations.

Maintains supporter and member data including names, email addresses, and engagement records tied to political advocacy activities, petitions, and campaign communications.

Following the breach, Fair Vote Canada acknowledged the incident publicly and apologized to affected supporters and donors. Co-Chairs Valerie Brooks and Steve Hindle issued a public statement expressing regret and emphasizing transparency in their response. Fair Vote Canada removed the exposed data from the unauthorized location, restricted database access to staff and contractors only, and adopted stricter digital security procedures going forward. Have I Been Pwned indexed the breach on October 21, 2024, and noted that 83 percent of the affected email addresses had previously appeared in other breaches. Queen's University IT Services subsequently force-expired passwords for any Queen's account holder whose credentials appeared in connection with the leak.