Title: Canadian Tire Reports Data Breach Affecting Customer Information

TORONTO - Canadian Tire Corp. Ltd. has announced a data breach that may have compromised the personal information of customers who made online purchases. The retailer identified the breach on October 2, involving data stored in its e-commerce database. This incident affects shoppers with accounts at Canadian Tire and its affiliated brands, including SportChek, Mark's/L'Équipeur, and Party City.

The compromised data includes names, addresses, email addresses, birth years, and encrypted passwords. In some cases, incomplete credit card numbers were also exposed. Canadian Tire clarified that the credit card information available was similar to what appears on a store receipt. Additionally, the full dates of birth for fewer than 150,000 account holders were part of the breach.

Customers whose information was affected will be contacted and offered credit monitoring services from TransUnion Canada. The retailer emphasized that the breached information does not include data from Canadian Tire Bank or Triangle Rewards loyalty programs. Furthermore, the company stated that the breach did not allow unauthorized access to accounts or affect in-store transactions, and its e-commerce systems remain operational.

Since discovering the breach, Canadian Tire has addressed the identified vulnerability and is collaborating with cybersecurity experts to enhance its security measures. The company reassured customers, stating, "All of our websites and systems continue to be monitored closely by internal teams and external cybersecurity experts. There is no indication of any ongoing unauthorized activity."

Canadian Tire advised customers that if they do not receive an email from TransUnion Canada on behalf of the company, no further action is necessary. However, they recommended using strong, unique passwords, avoiding password reuse, and enabling multi-factor authentication. The retailer also urged customers to report any suspicious activity to their financial institutions and to notify the police of any fraud.

Statistics Canada reported that police-reported cybercrimes in the country reached 92,567 last year, a significant increase from 65,141 in 2020. Among these, fraud accounted for 46,301 incidents, while identity theft and identity fraud comprised 957 and 4,283 cases, respectively. Experts have noted that cybercrime is often under-reported due to the stigma associated with being a victim. Recent cybersecurity issues have also been reported at various organizations, including Nova Scotia Power and the College of New Caledonia in British Columbia.