Key facts: The Centurion Project data breach
- Date reported: April 30, 2026
- Target entity: The Centurion Project
- Source of breach: Unknown, unauthorized third-party
- Data types: Voter list information, confidential information
- Status: Confirmed; reported on April 30, 2026.
- Severity: Medium; the incident involves the exposure of confidential voter data for millions of individuals, increasing the risk of targeted social engineering.
What happened in the Centurion Project data breach?
The Centurion Project (thecenturionproject.ca), an Alberta-based separatist group, was involved in a significant data breach reported on April 30, 2026. The incident centered on a database that was allegedly accessible to the public, prompting immediate investigations by Elections Alberta and the RCMP. No specific threat actor has been identified as being responsible for the exposure, which appears to stem from a database configuration issue or unauthorized access to sensitive records.
The database reportedly contained confidential voter information for up to three million Albertans, originating from a list provided to the Republican Party of Alberta in 2025. Following a court injunction, public access to the database was terminated, and the organization has been ordered to identify all individuals who accessed the data. This medium-severity incident highlights critical concerns regarding the management of political data and personal privacy. Such exposures typically lead to heightened risks of identity-related fraud and targeted phishing campaigns.
Who is behind the incident?
The attacker or cause of the incident has not been identified.
Impact and risks for Centurion Project customers
For the three million Albertans potentially affected by this breach, the primary risks include identity theft and highly targeted phishing. Because the exposed data involves voter lists, it likely contains names, addresses, and other identifiers that malicious actors can use to build detailed profiles for social engineering. While direct service disruption is unlikely for the individuals involved, the misuse of their confidential information remains a significant long-term concern.
Typical outcomes of such exposures include the unauthorized distribution of data on dark web marketplaces. To mitigate these risks, individuals should monitor their financial statements for unusual activity, update passwords for sensitive online accounts, and remain highly cautious of unsolicited communications. Transparency from investigating authorities is essential for helping the public understand the full scope of the exposure and necessary protective steps.
How to protect against similar security incidents
Given the exposure of confidential voter information at The Centurion Project, affected individuals should take immediate steps to secure their personal data and monitor for signs of misuse.
- Monitor for phishing and social engineering. Be skeptical of unsolicited emails, texts, or phone calls that reference your personal information or political affiliations. Do not click on links or download attachments from unknown or unverified senders.
- Enable multi-factor authentication. Implement phishing-resistant MFA on all sensitive accounts, including email, banking, and government portals. Use authenticator apps or hardware security keys rather than SMS-based codes whenever possible.
- Enroll in identity theft protection. Consider using a credit monitoring service to receive alerts regarding unauthorized changes to your credit report. Place a fraud alert on your credit files if you suspect your personal information has been compromised.
- Review attack surface management. Organizations should perform regular audits of database permissions to ensure sensitive information is not publicly accessible. Deploy continuous monitoring tools to detect misconfigured cloud storage or exposed digital assets.
Taking these proactive measures can significantly reduce the risk of secondary attacks following a data exposure incident.
Frequently asked questions
What happened in the Centurion Project security breach?
On April 30, 2026, The Centurion Project (thecenturionproject.ca) disclosed a security breach. According to initial reports, a database containing confidential voter information for up to three million Albertans was shut down following investigations by Elections Alberta and the RCMP.
When did the Centurion Project breach occur?
The The Centurion Project breach was publicly reported on April 30, 2026. The exact date of the attack has not been disclosed.
What data was exposed?
The types of data involved in The Centurion Project incident reportedly include confidential voter list information.
Is my personal information at risk?
If you interacted with The Centurion Project or are a registered voter in Alberta, there's a possibility your home address and other confidential voter identifiers were compromised. Stay alert for scammers contacting you while impersonating law enforcement, government entities, or other legitimate businesses.
What steps should companies take after being breached?
The Centurion Project has shut down the database following a court injunction. They have been ordered to identify individuals who accessed the list. Authorities are currently reviewing security measures and providing guidance to affected parties.
This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.
