In a notice by Loblaw Companies Limited the company said it detected suspicious activity this week and found that a criminal third party accessed basic customer information including names phone numbers and email addresses.
KEY FACTS
- Incident Breach of a contained non critical IT network
- Data exposed Names phone numbers and email addresses
- Customer action All customers were automatically logged out and must sign in again
- Financial systems PC Financial not impacted according to the disclosure
The activity was detected earlier this week and an investigation was opened.
Per the disclosure the incident was limited to a contained non critical segment of the network.
The exposed information is personally identifiable information and could be used in phishing attacks and other fraudulent activity.
Per the disclosure all customers were automatically logged out and must sign in again. Account holders are advised to change their passwords when they next access the retailer’s digital services.
Per the disclosure the investigation so far has not found evidence that financial information health information or account passwords were compromised.
WHY IT MATTERS
The exposure of names and contact details increases the risk of phishing and impersonation attempts. Customers should monitor communications and update credentials when they next sign in.