Giant Tiger Data Breach: Customers Data Exposed Via Vendor

Giant Tiger, a prominent Ottawa-based discount retailer, has announced a breach of customer data.

This incident, linked to a third-party vendor responsible for managing the retailer’s customer communications and engagement, has put the personal information of an undisclosed number of customers at risk.

The Breach Unveiled

The security lapse was discovered on March 4, and Giant Tiger concluded by March 15 that customer information was indeed compromised.

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities. :

• The problem of vulnerability fatigue today
• Difference between CVSS-specific vulnerability vs risk-based vulnerability
• Evaluating vulnerabilities based on the business impact/risk
• Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

Book Your spot

Alison Scarlett, a spokesperson for Giant Tiger, emphasized the company’s commitment to resolving the issue swiftly and transparently.

However, the identity of the implicated vendor remains undisclosed.

In response to the breach, Giant Tiger has been proactive in notifying affected customers and advising them to be vigilant about suspicious emails and phone calls.

The compromised data varies among customers but predominantly includes names, email addresses, and, for some, phone numbers and street addresses.

This information pertains to Giant Tiger’s email subscribers, loyalty members, and those who have placed online orders for in-store pickup or home delivery.

According to a recent report by CBC News, Giant Tiger, the discount retailer, has confirmed that its customer data was compromised due to a third-party breach. 

The Scope of the Breach

Scarlett refrained from providing a specific figure but indicated that the number of impacted customers correlates with each program’s enrollment.

This breach is part of a growing trend of cybersecurity incidents involving third-party vendors, a point highlighted by Ritesh Kotak, a cybersecurity technology analyst and lawyer based in Ontario.

Kotak warns that such breaches often occur when companies share data with third parties for marketing and advertising, leaving customers vulnerable if these partners lack robust cybersecurity and privacy protocols.

He advises those affected to monitor their accounts closely and be wary of phishing attempts designed to harvest further information or deceive them into making purchases.

In a recent tweet by NewsMarket Today, it was reported that Giant Tiger’s customer information was compromised in a data breach.

No Payment Information Compromised

It’s a small consolation that no payment information or passwords were included in the compromised data.

Giant Tiger has enlisted cybersecurity experts to investigate the breach independently.

The retailer assures that the incident did not affect its store systems and applications.

This incident adds Giant Tiger to the list of Canadian organizations hit by cybersecurity breaches in recent years, joining the ranks of Indigo Books & Music, the LCBO, the Nova Scotia government, the Toronto Public Library, and the City of Hamilton in Ontario.

Scarlett’s statement to The Canadian Press underscores Giant Tiger’s regret over the incident and its dedication to employing best practices to prevent future breaches.

As the digital landscape continues to evolve, so too does the complexity of protecting consumer data, highlighting the need for stringent cybersecurity measures across all sectors.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.