Incident Types: The types of cybersecurity incidents that have occurred include Breach, Data Leak and Cyber Attack.

Detection and Response: The company detects and responds to cybersecurity incidents through an law enforcement notified with ottawa police, and remediation measures with employees reminded of their obligation not to communicate or store sensitive information on trello boards or any other unauthorized digital tool or service., and and remediation measures with under review by the office of the privacy commissioner of canada, and and third party assistance with federal security partners, and and remediation measures with collaboration with air operators to mitigate consequences..

Common Attack Types: The most common types of attacks the company has faced is Breach.

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Unpatched and decommissioned server.

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal, Confidential, , Personal Information, , Name, Person Record Identifier (Pri), Date Of Birth, Home Address, Salary Range, , Software Bugs, Security Plans, Server Passwords, Official Internet Domains, Conference Calls, Event-Planning System Details, , Licence Plates, Related Information, and Personal information (details unspecified).

Third-Party Assistance: The company involves third-party assistance in incident response through Federal security partners, .

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Employees reminded of their obligation not to communicate or store sensitive information on Trello boards or any other unauthorized digital tool or service., , Under review by the Office of the Privacy Commissioner of Canada, Collaboration with air operators to mitigate consequences.

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Under review by the Office of the Privacy Commissioner of Canada and Maine attorney general.

Key Lessons Learned: The key lessons learned from past incidents are Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information.Ensure contracts include security safeguards for the protection and retention of personal information.

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Public Disclosure, and Source: The Canadian PressDate Accessed: 2025-09-17, and Source: Winnipeg Free PressDate Accessed: 2025-09-17, and Source: Office of the Privacy Commissioner of Canada (OPC) Breach Report, and Source: Maine Attorney General Breach Letter.

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Transport Canada is working with air operators to mitigate potential consequences..

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Federal Security Partners, .

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools., Mitigation efforts to prevent similar incidents in the future.

Last Attacking Group: The attacking group in the last incident were an Anonymous and Unspecified bad actors.

Most Recent Incident Detected: The most recent incident detected was on 2023-08-20.

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-09-17.

Most Significant Data Compromised: The most significant data compromised in an incident were Personal, Confidential, , Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, , Name, Person Record Identifier (PRI), Date of Birth, Home Address, Salary Range, , software bugs, security plans, server passwords, official internet domains, conference calls, event-planning system details, , Licence plates, Related information, and .

Most Significant System Affected: The most significant system affected in an incident was canada.caCSIS website and Trello boards and Cloud-based software provider (third-party).

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was federal security partners, .

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Licence plates, Confidential, Date of Birth, software bugs, conference calls, Related information, Name, Personal, security plans, Salary Range, event-planning system details, server passwords, official internet domains, Person Record Identifier (PRI) and Home Address.

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.4M.

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Under review by the Office of the Privacy Commissioner of Canada and Maine attorney general.

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Importance of applying adequate security controls to protect information and assets, and the need to avoid using unauthorized digital tools for sensitive information., Ensure contracts include security safeguards for the protection and retention of personal information.

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Ensure that all employees are trained on proper handling of sensitive information and that only authorized tools are used for communication and storage..

Most Recent Source: The most recent source of information about an incident are Public Disclosure, Office of the Privacy Commissioner of Canada (OPC) Breach Report, Maine Attorney General Breach Letter, Winnipeg Free Press and The Canadian Press.

Current Status of Most Recent Investigation: The current status of the most recent investigation is Under review by the Office of the Privacy Commissioner of Canada.

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Transport Canada is working with air operators to mitigate potential consequences., .

Most Recent Entry Point: The most recent entry point used by an initial access broker was an Unpatched and decommissioned server.

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Misconfiguration of Trello boards leading to exposure of sensitive information., Lack of security safeguards in the contract; Unpatched and decommissioned server.

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Remind employees of their obligation not to communicate or store sensitive information on unauthorized digital tools., Mitigation efforts to prevent similar incidents in the future.