Financial Services / Insurance / Enterprise / Consumer
Canadian life insurance, retirement and group-benefits provider.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
In April 2026 Canada Life identified a breach by ShinyHunters, who accessed data through a Canada Life employee's account as part of the Salesforce extortion campaign. The published dataset included over 200,000 unique email addresses with names, dates of birth, mailing addresses, gender, annual income levels and, in some cases, support tickets; the company notified up to about 70,000 individuals, mostly one corporate client's members.
Full threat analysis, exploitation vectors, and principal guidance below.
11 additional sections · verified field analysis · defensive doctrine
347k rows records analyzed
The Canada Life Assurance Company is a major Canadian insurer offering life insurance, retirement and group health and benefits products to individuals and employer groups.
A group-benefits insurer holds member identity and contact data, dates of birth, gender, and income levels used to determine group health and retirement benefits, plus support correspondence.
Canada Life continues to operate. It identified a 2026 cyber incident tied to the ShinyHunters Salesforce campaign, with most affected records belonging to one large corporate benefits client.
Canada Life faced regulatory notification in Canada and reputational exposure across its group-benefits book, with most impact concentrated in a single corporate customer's membership.
A financial-institution breach: account, wealth or payment data supports direct fraud and highly credible financial-impersonation scams. For a high-profile principal this is targeting-grade, not merely identity-theft-grade: the combination lets an adversary locate, impersonate, or pressure the principal with little additional work.
Motivation: Financial extortion, data sale
A prolific data theft and extortion group that began as a database theft and resale actor and evolved toward SaaS-focused extortion. Recent activity involves vishing, credential harvesting, SSO compromise, and theft of customer data from cloud and SaaS environments.
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation