May 1, 2026 More than three million Alberta voter records have been exposed after data from Elections Alberta was allegedly shared beyond its intended use, not through a cyberattack but through authorised access. The database was publicly accessible for several days before being taken offline by court order, raising concerns that the information may already have been copied or redistributed.
The data, including names, home addresses, postal codes, phone numbers and voting districts, came from the official List of Electors, which is legally distributed to registered political parties for election-related use. Authorities believe the list was provided to the Republican Party of Alberta and later accessed by a separatist-linked group, Centurion Project, which made it searchable online.
Officials stress that there is no evidence of a breach of government systems. Instead, the incident appears to involve authorised access followed by alleged improper sharing.
The scope of the information heightens the risk, as the voter list contains not just basic identity data but also unique identifiers and electoral details, which critics say could be used for targeted outreach, harassment or other misuse beyond politics. As pro-Canada campaigner Thomas Lukaszuk noted, “Once it’s out, you can’t put that genie back in the bottle.”
Gordon McClure moved quickly to contain the situation, securing a court injunction to force the database offline after receiving credible evidence of the leak. Elections Alberta also uses tracing techniques, including seeded fake names, to identify how voter lists are distributed and detect misuse.
The incident has also drawn attention to a broader regulatory gap. Political parties in Alberta are not subject to the same privacy laws as private-sector organisations, despite having access to similarly sensitive personal data. Critics argue this creates systemic risk, particularly as digital tools make copying and sharing large datasets trivial.
