A threat actor using the moniker ‘ShopifyGUY' on BreachForums has leaked data claimed to have been stolen from Canadian discount retailer Giant Tiger.
Giant Tiger Stores Limited is a Canadian discount store chain known for selling a wide variety of products, including clothing, groceries, and household items, at competitive prices. Founded in 1961 in Ontario, it has grown substantially over the decades and now operates over 260 stores across Canada.
The breach, linked to a third-party vendor, was first acknowledged by Giant Tiger last month, but the data is now reportedly available for download, compromising personal details of numerous customers.
The breach initially came to light on March 4, 2024, when Giant Tiger became aware of unauthorized access to customer data through one of their third-party vendors. While the vendor's name has not been disclosed, the focus has been on the vendor's role in managing customer communications and engagement for Giant Tiger. Following the discovery, the company began notifying affected customers and urged caution regarding suspicious emails and phone calls.
On April 12, 2024, a new twist emerged as ShopifyGUY posted on BreachForums, a known platform for sharing hacked data. The hacker, who joined the forum in March 2024 and boasts a modest reputation, claims to have uploaded a database containing over 2.8 million email addresses and over 900,000 full customer records, including names, phone numbers, physical addresses, and purchase details. The full data is available for a nominal fee to registered members of the forum.
This incident raises significant concerns about data security practices involving third-party vendors, a common vulnerability point for many organizations. The data advertised includes detailed customer information, extending beyond the scope of what was initially reported by Giant Tiger. This discrepancy suggests that the breach could be more extensive than first understood, affecting a larger portion of Giant Tiger's customer base.
The exact method of the breach has not been detailed by either Giant Tiger or any security analysts publicly, but the involvement of a third-party vendor hints at possible lapses in data handling or security protocols between parties.
For Giant Tiger customers, this development is a stern reminder of the importance of vigilance in managing personal information. It's advisable to monitor financial statements and use credit monitoring services to detect potential misuse of stolen data. Changing passwords and being wary of phishing attempts using the disclosed information are also crucial steps.
Critical Zero-Day Flaw Threatens 82,000 PAN-OS Servers Worldwide
Leave a Reply