Fair Vote Canada 2024 Data Breach

Fair Vote Canada Electoral Reform Organization Breach (2024): 134K Member Contact Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

n/a (accidental exposure by volunteer)MisconfigurationGovernmentDonation HistoryEmail AddressFull NamePhone NumberPhysical Address
High SeverityWebsite / service breach

Fair Vote Canada Electoral Reform Organization Breach (2024): 134K Member Contact Records Exposed

Canadian electoral reform advocacy organization

Verified by ObscureIQ Intelligence
65/100Breach Risk Index
25Data Value
25Market Recency
553dSince Breach

Breach Intelligence Summary

Entity: Fair Vote Canada · Actor: n/a (accidental exposure by volunteer) · Sources: 2 references
Attack: Misconfiguration
Profile: Nonprofit · Political advocacy and electoral reform · Civic engagement and policy advocacy group · Canada
Timeline: Breach (2024-03-02) · Indexed (Oct 21, 2024) · Year (2024)
Exposure: 134K records · 5 fields: Donation History, Email Address, Full Name, Phone Number, Physical Address
Status: Confirmed

Executive Summary

Fair Vote Canada, the Canadian national citizens' campaign for proportional representation, suffered a data breach that came to public attention on March 2, 2024. The incident was caused by a well-meaning volunteer who had been granted temporary access to historical organizational data for a specific task and who inadvertently moved a 2020-era supporter dataset to an external website that lacked adequate security controls. The data remained exposed at the unauthorized location until Fair Vote Canada discovered the issue and acted to remove and delete the exposed records. The breach was indexed by Have I Been Pwned on October 21, 2024 and was reported in Canadian and international tech press shortly after. The breach affected approximately 134,336 unique email addresses and the underlying supporter records associated with them. Compromised fields included names, email addresses, phone numbers, physical addresses, and, for some individuals, date and amount of donations made to Fair Vote Canada. No financial credentials or passwords were exposed. The dataset reflected supporter records as of 2020, meaning some individuals on the list may no longer have been active Fair Vote Canada supporters at the time of disclosure. For affected supporters, the practical risk profile combines standard contact-data exposure with political-advocacy-specific concerns. The combination of name, address, phone number, and email address supports phishing and social-engineering campaigns. More distinctively, inclusion in the dataset confirms a Fair Vote Canada supporter relationship and, for donor-list individuals, confirms financial support for proportional-representation advocacy. This creates political-affiliation mapping risk, in which actors with political opposition to electoral reform could use the data to identify, profile, or target Fair Vote Canada supporters. Reported risks include targeted political harassment, doxxing, and influence-operation targeting of identified electoral-reform supporters. Affected individuals should remain alert to unsolicited contact referencing Fair Vote Canada or electoral-reform topics, monitor for unusual political messaging targeting their address or phone, and consider Have I Been Pwned exposure scans for any reused email or password combinations.

ObscureIQ assessment: Exposure creates political affiliation and ideology mapping risk. Data can be used for targeted harassment, profiling, or influence operations. Elevated sensitivity due to civic participation signals and potential downstream misuse in political targeting.

Breach Impact

The institutional impact on Fair Vote Canada was meaningful given the political-advocacy context and the donor-data sensitivity, though the organization avoided regulatory penalties because the incident was an inadvertent volunteer error rather than a malicious breach. Canadian privacy authorities under PIPEDA were notified, and Fair Vote Canada's disclosure was generally regarded as transparent and timely. Reputational impact concentrated within the Canadian electoral-reform community, where donor trust is essential to ongoing fundraising and grassroots organizing. The case has been cited within Canadian nonprofit governance discussions as a leading example of volunteer-access risk and the importance of role-based data access controls. Some donors and supporters expressed anxiety about the political-affiliation implications of the leak, particularly given that donor-history data confirms financial support for a specific political-reform position.

About Fair Vote Canada

Fair Vote Canada is a Canadian national nonpartisan citizens' campaign that advocates for proportional representation and broader electoral reform in Canada. Founded in 2001, the organization operates as a registered Canadian nonprofit and coordinates volunteer chapters, public-education campaigns, petitions, and grassroots advocacy work in support of changing Canada's first-past-the-post electoral system. Fair Vote Canada is co-chaired by Valerie Brooks and Steve Hindle. As a political-advocacy nonprofit, Fair Vote Canada maintains supporter and donor records including names, contact details, donation history, petition signatories, and engagement records tied to political advocacy activities, public-comment campaigns, and electoral-reform organizing.

Why They Hold Your Data

Maintains supporter and member data including names, email addresses, and engagement records tied to political advocacy activities, petitions, and campaign communications.

Recent Developments

Following the breach, Fair Vote Canada acknowledged the incident publicly and apologized to affected supporters and donors. Co-Chairs Valerie Brooks and Steve Hindle issued a public statement expressing regret and emphasizing transparency in their response. Fair Vote Canada removed the exposed data from the unauthorized location, restricted database access to staff and contractors only, and adopted stricter digital security procedures going forward. Have I Been Pwned indexed the breach on October 21, 2024, and noted that 83 percent of the affected email addresses had previously appeared in other breaches. Queen's University IT Services subsequently force-expired passwords for any Queen's account holder whose credentials appeared in connection with the leak.

Data Points Exposed

5 verified field types
Donation History
Email Address
Full Name High
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Moderate
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Targeted political harassment & doxing
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification

Threat Actor: n/a (accidental exposure by volunteer)

n/a (accidental exposure by volunteer)
Misconfiguration

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Fair Vote Canada breach?

Fair Vote Canada, the Canadian national citizens' campaign for proportional representation, suffered a data breach that came to public attention on March 2, 2024. The incident was caused by a well-meaning volunteer who had been granted temporary access to historical organizational data for a…

What data was exposed?

Verified fields include Donation History, Email Address, Full Name, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation