Giant Tiger discount stores report data breach
Learn More
Giant Tiger, a Canadian discount retailer, is reporting a cybersecurity incident that compromised customer information. The breach was identified on March 4th, 2024, stemming from a security lapse at a third-party vendor used by Giant Tiger for customer interaction management. I
The company engaged cybersecurity experts to conduct an independent investigation. The exposed customer data varies by individual but Giant Tiger claims it does not include credit card details, other payment information, or passwords. The specific types of information compromised include:
- For subscribers to Giant Tiger's emails or those who have created an account on their website, the leaked information includes names and email addresses.
- GT VIP loyalty plan members' compromised data includes names, email addresses, and phone numbers.
- For customers who placed online orders for delivery, the leaked information encompasses names, email addresses, street addresses, and phone numbers.
- For customers opting for in-store pickup, the exposed data includes names, email addresses, and phone numbers.
The number of affected individuals is not disclosed.
Update - On Friday 12th of April 2024 the hacker posted what they claim to be the "full" database of Giant Tiger customer records stolen in March 2024. "The breach includes over 2.8 million unique email addresses, names, phone numbers and physical addresses." The data set is available for fre, with a nominal "8 credits," to unlock the link but forum credits are trivially generated by commenting or writing new posts.
Giant Tiger is notifying the affected customers directly and has informed privacy regulators as mandated by law. The company has reassured that its systems—online, mobile, and in-store—remain secure and operational post-incident. Giant Tiger also advises customers to be vigilant of fraudulent emails, texts, or calls purporting to be from the company, emphasizing that they will never request payment information or passwords through such communications.
Customers concerned about their personal information's security can request its deletion by contacting Giant Tiger Customer Service. The company expresses regret over the incident and commits to maintaining robust privacy practices to prevent future breaches.
