Earlier this month, Giant Tiger, a prominent Canadian retail chain, disclosed a data breach. The incident has since escalated: a hacker has claimed responsibility and leaked 2.8 million records on a hacker forum.
This breach, affecting millions of Giant Tiger customers, has raised concerns about the security of the personal information of every affected individual.
The hacker posted a Giant Tiger database that is free to download.
The hacker posted on a dark web forum, “Giant Tiger Database – Leaked, Download!”, claiming to possess the complete database of customer records stolen during the March breach. The compromised data allegedly includes over 2.8 million unique email addresses, names, phone numbers, physical addresses, and even website activity of the affected customers.
Forum members eagerly awaited access to the data, with one member expressing excitement at finally accessing all 60 pages of the database section. Moreover, the hacker obliged requests for a sneak peek by posting a small snippet of the dataset.
Despite the severity of the breach, the leaked data was easy to acquire: the hacker required only “8 credits” on the forum, a currency easily obtained through forum activities. The hacker's willingness to leak the data highlights how accessible sensitive information is in underground forums.
Although Giant Tiger has not verified the authenticity of the leaked data, the retail chain did confirm the security concern and attributed it to a breach involving a third-party vendor responsible for managing customer communications and engagement.
Still, Giant Tiger assured customers that the data breach has not compromised payment information or passwords.
In response to the breach, HaveIBeenPwned, a data breach monitoring service, has added the leaked database to its website, allowing users to check if their information was compromised. The service reports that over 46% of the breached records were already in its database.
The company’s customers should remain vigilant, as threat actors may use the leaked information to carry out malicious campaigns such as fraud and phishing.
While no financial information was compromised, customers should consider signing up for identity monitoring services to prevent or mitigate identity theft attempts.