Sunday, February 9, 2025
Homecyber securityGiant Tiger Data Breach: Customers Data Exposed Via Vendor

Giant Tiger Data Breach: Customers Data Exposed Via Vendor

Published on

SIEM as a Service

Follow Us on Google News

Giant Tiger, a prominent Ottawa-based discount retailer, has announced a breach of customer data.

This incident, linked to a third-party vendor responsible for managing the retailer’s customer communications and engagement, has put the personal information of an undisclosed number of customers at risk.

The Breach Unveiled

The security lapse was discovered on March 4, and Giant Tiger concluded by March 15 that customer information was indeed compromised.

Document

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

Alison Scarlett, a spokesperson for Giant Tiger, emphasized the company’s commitment to resolving the issue swiftly and transparently.

However, the identity of the implicated vendor remains undisclosed.

In response to the breach, Giant Tiger has been proactive in notifying affected customers and advising them to be vigilant about suspicious emails and phone calls.

The compromised data varies among customers but predominantly includes names, email addresses, and, for some, phone numbers and street addresses.

This information pertains to Giant Tiger’s email subscribers, loyalty members, and those who have placed online orders for in-store pickup or home delivery.

According to a recent report by CBC News, Giant Tiger, the discount retailer, has confirmed that its customer data was compromised due to a third-party breach. 

The Scope of the Breach

Scarlett refrained from providing a specific figure but indicated that the number of impacted customers correlates with each program’s enrollment.

This breach is part of a growing trend of cybersecurity incidents involving third-party vendors, a point highlighted by Ritesh Kotak, a cybersecurity technology analyst and lawyer based in Ontario.

Kotak warns that such breaches often occur when companies share data with third parties for marketing and advertising, leaving customers vulnerable if these partners lack robust cybersecurity and privacy protocols.

He advises those affected to monitor their accounts closely and be wary of phishing attempts designed to harvest further information or deceive them into making purchases.

In a recent tweet by NewsMarket Today, it was reported that Giant Tiger’s customer information was compromised in a data breach.

No Payment Information Compromised

It’s a small consolation that no payment information or passwords were included in the compromised data.

Giant Tiger has enlisted cybersecurity experts to investigate the breach independently.

The retailer assures that the incident did not affect its store systems and applications.

This incident adds Giant Tiger to the list of Canadian organizations hit by cybersecurity breaches in recent years, joining the ranks of Indigo Books & Music, the LCBO, the Nova Scotia government, the Toronto Public Library, and the City of Hamilton in Ontario.

Scarlett’s statement to The Canadian Press underscores Giant Tiger’s regret over the incident and its dedication to employing best practices to prevent future breaches.

As the digital landscape continues to evolve, so too does the complexity of protecting consumer data, highlighting the need for stringent cybersecurity measures across all sectors.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...