Giant Tiger Data Breach: Customers Data Exposed Via Vendor

Giant Tiger, a prominent Ottawa-based discount retailer, has announced a breach of customer data.

This incident, linked to a third-party vendor responsible for managing the retailer’s customer communications and engagement, has put the personal information of an undisclosed number of customers at risk.

The Breach Unveiled

The security lapse was discovered on March 4, and Giant Tiger concluded by March 15 that customer information was indeed compromised.

Document

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities. :

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

Alison Scarlett, a spokesperson for Giant Tiger, emphasized the company’s commitment to resolving the issue swiftly and transparently.

However, the identity of the implicated vendor remains undisclosed.

In response to the breach, Giant Tiger has been proactive in notifying affected customers and advising them to be vigilant about suspicious emails and phone calls.

The compromised data varies among customers but predominantly includes names, email addresses, and, for some, phone numbers and street addresses.

This information pertains to Giant Tiger’s email subscribers, loyalty members, and those who have placed online orders for in-store pickup or home delivery.

According to a recent report by CBC News, Giant Tiger, the discount retailer, has confirmed that its customer data was compromised due to a third-party breach. 

The Scope of the Breach

Scarlett refrained from providing a specific figure but indicated that the number of impacted customers correlates with each program’s enrollment.

This breach is part of a growing trend of cybersecurity incidents involving third-party vendors, a point highlighted by Ritesh Kotak, a cybersecurity technology analyst and lawyer based in Ontario.

Kotak warns that such breaches often occur when companies share data with third parties for marketing and advertising, leaving customers vulnerable if these partners lack robust cybersecurity and privacy protocols.

He advises those affected to monitor their accounts closely and be wary of phishing attempts designed to harvest further information or deceive them into making purchases.

In a recent tweet by NewsMarket Today, it was reported that Giant Tiger’s customer information was compromised in a data breach.

No Payment Information Compromised

It’s a small consolation that no payment information or passwords were included in the compromised data.

Giant Tiger has enlisted cybersecurity experts to investigate the breach independently.

The retailer assures that the incident did not affect its store systems and applications.

This incident adds Giant Tiger to the list of Canadian organizations hit by cybersecurity breaches in recent years, joining the ranks of Indigo Books & Music, the LCBO, the Nova Scotia government, the Toronto Public Library, and the City of Hamilton in Ontario.

Scarlett’s statement to The Canadian Press underscores Giant Tiger’s regret over the incident and its dedication to employing best practices to prevent future breaches.

As the digital landscape continues to evolve, so too does the complexity of protecting consumer data, highlighting the need for stringent cybersecurity measures across all sectors.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Claude AI Abused in Influence-as-a-Service Operations and Campaigns

Claude AI, developed by Anthropic, has been exploited by malicious actors in a range of…

14 hours ago

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting U.S.…

23 hours ago

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the notorious…

24 hours ago

MintsLoader Malware Uses Sandbox and Virtual Machine Evasion Techniques

MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool in…

1 day ago

Threat Actors Use AiTM Attacks with Reverse Proxies to Bypass MFA

Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging…

1 day ago

Threat Actors Target Critical National Infrastructure with New Malware and Tools

A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term…

1 day ago