What Happened
The Canada Life (canadalife.com) data breach occurred on April 18, 2026, when the ransomware group ShinyHunters compromised a single employee account to access a Salesforce environment at the Canadian financial services company, which provides insurance, investment, and retirement planning solutions. ShinyHunters claimed to have stolen over 5.6 million Salesforce records containing personally identifiable information (PII), though Canada Life confirmed exposure affecting up to 70,000 people, mostly customers, with the breach discovered on April 19-20, 2026; the group issued a “pay or leak” ultimatum by April 21. This incident highlights vulnerabilities in SaaS platforms like Salesforce, where inadequate segmentation and monitoring allowed one account to cascade into a major enterprise-level event involving rich PII, financial, and potentially health data.


