Notice of data security event
This notice relates to a data security event that FREEDIN & ROWELL LLP ("FREEDIN & ROWELL") discovered on April 2, 2024. FREEDIN & ROWELL was unable to directly notify a subset of the affected individuals because FREEDIN & ROWELL did not have valid contact information for them. This website notice serves as an indirect notification to this undeliverable population.
To determine whether you were affected by this event, please enter your first and last name into the below search bar. If our system indicates that you may have been impacted, we recommend that you contact us via the contact form below.
What Happened
On April 2, 2024, FREEDIN & ROWELL learned that certain FREEDIN & ROWELL data was contained in a data set published on March 30, 2024, on the dark web. Upon learning of the incident, we launched an investigation with the assistance of third party cybersecurity experts to determine if an unauthorized third-party had gained access to FREEDIN & ROWELL systems and, if so, the scope of the breach.
The investigation determined that an unauthorized third-party likely gained access to the FREEDIN & ROWELL data between January 7-10, 2023. The impacted personal information varied by person and may have included full name, mailing address, email address, phone number, client reference number, overdue billing amount and SIN number. Please note that most people did not have all of these data fields impacted.
We are committed to protecting the information entrusted to us. The breach of FREEDIN & ROWELL's security safeguards between January 7, 2023 and January 10, 2023, was mitigated through pre-planned security control changes, including the installation of an advanced Endpoint Detection and Response software solution, implementation of multifactor authentication and multiple credential resets for all FREEDIN & ROWELL users. When we learned that FREEDIN & ROWELL data was published on the dark web, we immediately took steps to secure our environment and started a thorough investigation. We also hired external experts to assess the situation, and we have implemented additional technical and procedural safeguards to further enhance the security of information in our possession.
We have reported this incident to law enforcement and to the appropriate government regulators, including the Offices of the Privacy Commissioner of Canada and Alberta, and the Commission d'accès à l'information du Québec.
We encourage you to remain vigilant against identity theft and fraud by staying alert for suspicious calls or emails, monitoring your affairs and monitoring your free credit reports for unusual activity and errors.