Giant Tiger, a Canadian discount retailer, has disclosed that the personal data of some of its customers could suffer compromised information after an alleged cybersecurity incident tied to its third-party service provider.
A spokesperson for the company declined to identify the affected vendor but specified that the company relies on the vendor to manage customer communications and engagement.
Moreover, the company emphasised their dedication to resolving the issue transparently and swiftly. They allegedly alerted the security breach on March 4 and confirmed the involvement of customer data by March 15.
The Canadian discount retailer has already reached out to the potentially affected individuals to notify them about the incident.
Giant Tiger has proactively contacted affected customers, urging them to exercise caution with unwanted communications in emails and phone calls. As of now, the confirmed compromised data varies among customers.
Some of the affected individuals had their names and email addresses exposed; others who are loyalty members or made online orders for in-store pickups might have had additional information, such as phone numbers compromised.
Similarly, those who executed home delivery transactions may have had their street addresses compromised as well.
The company representative refrained from disclosing the exact number of impacted customers, mentioning that it relates to each program affected. On the other hand, some Canadian researchers highlighted the increasing frequency of third-party breaches, often occurring when companies share data with third parties for marketing purposes.
Hence, they urge companies and customers to be more vigilant, advising affected users to monitor their accounts closely and be cautious of other cybercriminal activities. These activities could include phishing attempts, as the compromised data includes details allowing actors to execute targeted attacks.
Giant Tiger assured customers that no payment information or passwords were compromised. The Canadian discount retailer has employed a security provider that can help them investigate the breach independently. This move would allow the company to reassure its customers that its store systems and applications remain unaffected.
Expressing regret over the incident, Giant Tiger claimed they will commit to implementing robust preventive measures. This breach is the latest addition to a series of cybersecurity incidents affecting various Canadian organisations, underlining the growing challenge of protecting customer data.
