Loblaw Companies Limited Reports Data Breach Affecting Customer Contact Information
Learn More
Loblaw Companies Limited, the parent organization of Loblaws and Shoppers Drug Mart, reported a data breach on March 10, 2026.
The company identified suspicious activity within a contained, non-critical segment of its IT network. Attackers gained unauthorized access to customer records, prompting a forensic investigation. The company characterized the event as a low-level breach due to the limited nature of the accessed systems.
The compromised data includes:
- Full names
- Phone numbers
- Email addresses
The number of affected individuals and the nature of the attack are not disclosed. Loblaw claims that passwords, health information, and credit card data were not compromised.
As part of its security response protocol, the company forced a logout for all digital service users. Customers must re-authenticate to access their accounts, ensuring that any unauthorized sessions are terminated.
