Saturday, April 13, 2024

Giant Tiger Data Breach: Customers Data Exposed Via Vendor

Giant Tiger, a prominent Ottawa-based discount retailer, has announced a breach of customer data.

This incident, linked to a third-party vendor responsible for managing the retailer’s customer communications and engagement, has put the personal information of an undisclosed number of customers at risk.

The Breach Unveiled

The security lapse was discovered on March 4, and Giant Tiger concluded by March 15 that customer information was indeed compromised.


Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

Alison Scarlett, a spokesperson for Giant Tiger, emphasized the company’s commitment to resolving the issue swiftly and transparently.

However, the identity of the implicated vendor remains undisclosed.

In response to the breach, Giant Tiger has been proactive in notifying affected customers and advising them to be vigilant about suspicious emails and phone calls.

The compromised data varies among customers but predominantly includes names, email addresses, and, for some, phone numbers and street addresses.

This information pertains to Giant Tiger’s email subscribers, loyalty members, and those who have placed online orders for in-store pickup or home delivery.

According to a recent report by CBC News, Giant Tiger, the discount retailer, has confirmed that its customer data was compromised due to a third-party breach. 

The Scope of the Breach

Scarlett refrained from providing a specific figure but indicated that the number of impacted customers correlates with each program’s enrollment.

This breach is part of a growing trend of cybersecurity incidents involving third-party vendors, a point highlighted by Ritesh Kotak, a cybersecurity technology analyst and lawyer based in Ontario.

Kotak warns that such breaches often occur when companies share data with third parties for marketing and advertising, leaving customers vulnerable if these partners lack robust cybersecurity and privacy protocols.

He advises those affected to monitor their accounts closely and be wary of phishing attempts designed to harvest further information or deceive them into making purchases.

In a recent tweet by NewsMarket Today, it was reported that Giant Tiger’s customer information was compromised in a data breach.

No Payment Information Compromised

It’s a small consolation that no payment information or passwords were included in the compromised data.

Giant Tiger has enlisted cybersecurity experts to investigate the breach independently.

The retailer assures that the incident did not affect its store systems and applications.

This incident adds Giant Tiger to the list of Canadian organizations hit by cybersecurity breaches in recent years, joining the ranks of Indigo Books & Music, the LCBO, the Nova Scotia government, the Toronto Public Library, and the City of Hamilton in Ontario.

Scarlett’s statement to The Canadian Press underscores Giant Tiger’s regret over the incident and its dedication to employing best practices to prevent future breaches.

As the digital landscape continues to evolve, so too does the complexity of protecting consumer data, highlighting the need for stringent cybersecurity measures across all sectors.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles