Preparing for and Responding to Security Breaches

  • February 21, 2023
  • Roland Hung (Torkin Manes LLP)


T-Mobile recently discovered that it suffered a massive security breach in or around mid-January 2023. The result of the breach was that the personal information—including names, emails and birthdays —of more than 37 million customers were stolen. The security breach cost the company more than $350 million. For more information about the T-Mobile security breach, read Reuters’ January 20, 2023, article.

Similarly, SevenRooms, a popular “guest experience and retention platform” for food establishments and hospitality organizations, has confirmed it has fallen victim to a third-party vendor data breach. SevenRooms discovered that, from December 11 to December 15, 2022, an unauthorized individual was able to gain access to a third-party file transfer system used to share reservation information with SevenRooms. 

The T-Mobile and SevenRooms breaches are just two examples of recent breaches. In the 2022 Cost of a Data Breach Report (the “Report”) based on IBM Security analysis of research data compiled by Ponemon Institute, IBM found that for 83% of companies, it’s not if, but rather when a security breach will happen. Not only are security breaches happening more often, but security breaches are also costly. According to the Report, the average total cost of a data breach in Canada in 2022 was US$5.64 million.

In the wake of security breaches reported by T-Mobile and SevenRooms, now may be a good time for businesses to re-acquaint themselves with the applicable Canadian statutory framework for the protection of personal information, as well as implement or update policies and procedures around breach detection and notification.