Discount retailer Giant Tiger says contact information for some of its customers was compromised in an “incident” linked to a third-party vendor it uses.
Alison Scarlett, a spokesperson for the Ottawa-based discount retailer, said it would not name the vendor on Monday but said Giant Tiger uses the company to manage its customer communications and engagement.
Giant Tiger is working hard to resolve the issue “as quickly and openly as possible,” Scarlett said.
The retailer first learned of the security incident on March 4, and concluded that customer information was involved by March 15, the company wrote in an email to customers.
Once it became aware of the issue, Scarlett says Giant Tiger began contacting customers about the incident, urging them to exercise caution when opening emails and receiving phone calls.
The email indicated that the compromised information varied between customers. It included the names and email addresses of those who subscribe to Giant Tiger emails.
Loyalty members and those who placed online orders for in-store pickups might have had their names, emails and phone numbers compromised.
Some customers who placed online orders for home delivery may have had that same information plus their street addresses compromised.
Scarlett, the spokesperson, said the number of customers impacted by the breach correlates to each program and did not give a specific figure.
Latest Canadian org hit by cybersecurity incident
Scarlett says no payment information or passwords were part of the data compromised. The company said it has hired cybersecurity experts to help conduct an independent investigation.
Giant Tiger store systems and applications were also unaffected.
“We deeply regret that the incident occurred and remain committed to employing best practices to prevent these types of incidents,” Scarlett said in an email to The Canadian Press.
The breach impacting Giant Tiger is the latest in a string of cybersecurity incidents to hit Canadian organizations.
Indigo Books & Music, the LCBO, the Nova Scotia government, the Toronto Public Library and the City of Hamilton in Ontario have all fallen victim to cyber incidents over the last two years.