[Canada] Hacker takes responsibility for Giant Tiger data breach and release

16 Apr 2024

In Canada, a hacker has claimed responsibility for a data breach at Giant Tiger that led to the leak of millions of customers’ sensitive information, TechRadar reports.

BleepingComputer found and reported on a new thread on an underground forum titled “Giant Tiger Database - Leaked, Download!”. It included a post claiming, "In March 2024, the Canadian discount store chain Giant Tiger Stores Limited... suffered a data breach that exposed over 2.8 million clients. The breach includes over 2.8 million unique email addresses, names, phone numbers and physical addresses."

In addition to the information in the original post, the leaker reportedly claims that the database includes the “website activity” of Giant Tiger customers.

Giant Tiger has more than 260 stores and 10,000 employees. In 2021, it reported annual sales of approximately $2 billion. 

In a statement to BleepingComputer, Giant Tiger seemingly confirmed the leak and attributed blame to an unnamed third party:

"On March 4, 2024, Giant Tiger became aware of security concern related to a third-party vendor we use to manage customer communications and engagement," the statement reads. "We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation."

"No payment information or passwords were involved."

Data of this nature is usually sold on the dark web, but on this occasion it was essentially given out for free. Individuals seeking to obtain it needed to spend just eight forum “credits”, a virtual currency earned by posting new threads, commenting and participating in forum activities.

Since the post, the database has reportedly been added to the HaveIBeenPwned? website. Nearly half (46 per cent) of the records were already said to be present on the site, suggesting that some Giant Tiger customers had been compromised in the past, elsewhere.


Source: TechRadar

(Link and quotes via original reporting)
