Loblaw confirms data breach - Canadian retail giant says 'basic customer information' affected


  • Loblaw confirms cyberattack exposing customer contact data
  • Names, phone numbers, and emails stolen, but no passwords or financial info
  • Stolen details could fuel phishing attacks despite being “basic” data

Loblaw has suffered a cyberattack in which crooks stole customers’ basic contact information.

“Loblaw notified customers today that it is investigating a data breach,” it said. “After identifying suspicious activity on a contained, non-critical part of its IT network, the company has determined that a criminal third-party accessed some basic customer information such as names, phone numbers, and email addresses.”

In response to the breach, the company said it “secured its network and customer information,” without elaborating further.


Urging customers to be cautious

Loblaw did say it had logged out all of its users, who will need to log back in to use the services again. It stressed that passwords, health information, and credit card data were not touched.

This is likely why it didn’t reset people’s passwords, just logged them out.

Loblaw is Canada’s largest food and pharma retailer, with approximately 2,500 stores, including supermarkets, pharmacies, banking kiosks, and apparel shops, and plans for an additional 70 locations this year. The company employs 220,000 people and has an annual revenue of $45 billion.

While Loblaw described the stolen data as “basic information”, this is more than enough for cybercriminals to launch convincing phishing attacks. By impersonating Loblaw employees, crooks can trick victims into sharing sensitive data, login credentials, and more, escalating what appears to be a “basic” and almost harmless attack.

Therefore, customers are advised to be particularly cautious with incoming messages (email, SMS, social media) from people claiming to work for Loblaw. Phishing emails usually convey a sense of urgency, such as an expiring offer, or an account that is about to be suspended or terminated.

So far, no one has claimed responsibility for the attack, and the data has not yet been found on the dark web.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
