A recent data breach has rocked the Canadian retail giant Giant Tiger, with a threat actor claiming responsibility for compromising 2.8 million customer records. The breach, which occurred in March 2024, has raised concerns about the security of customer data and the potential fallout for affected individuals.According to reports, the breach was the result of a cybersecurity incident involving one of Giant Tiger’s third-party vendors.
The threat actor responsible for the breach has dumped the stolen data on a hacker forum, exposing sensitive information such as email addresses, names, addresses, and phone numbers of Giant Tiger customers.Despite the lack of official confirmation from the company or any involved parties, media reports have highlighted comments on the hacker forum suggesting the availability of the stolen data for download. The hacker has made the dataset available for free on the forum, albeit with a requirement to spend “8 credits” to unlock the download link.
To assist affected individuals in determining if their information was compromised, the breach tracking service HaveIBeenPwned added the leaked database to its website on April 12th. The incident has contributed over 2.8 million breached records to the HIBP database, with 46% of them being duplicates.The breach underscores the risks associated with third-party vendors and the importance of robust cybersecurity measures to protect customer data. Giant Tiger has issued a statement acknowledging the incident and expressing regret for any inconvenience caused to customers. The company is working diligently to resolve the situation and has notified all relevant customers about the breach.
