The company, which has 2,500 locations nation-wide, an annual revenue of $45 billion and employs roughly 220,000 staff, informed customers earlier this week that it had detected suspicious activity on its IT network. Upon further investigation, the company found it had suffered a data breach.
“After identifying suspicious activity on a contained, non-critical part of its IT network, the Company has determined that a criminal third-party accessed some basic customer information such as names, phone numbers, and email addresses,” Loblaw wrote in a statement released March 10.
“As part of its security response protocol, the Company secured its network and customer information. All customers will be automatically logged out of their accounts. To access the Company's digital services, customers will need to log back in.”
Loblaw added that it had not seen any evidence of financial data, passwords or health information having been accessed by threat actors, and said that its financial services organisation, PC Financial, was unaffected according to the investigation.
Loblaw did not identify the threat actor, nor did it disclose the nature of the incident. It is also unclear how many were impacted by the data breach.
Cyber Daily has not found evidence of any threat actors claiming responsibility for the incident.
