P2017-ND-165

On January 5, 2017, routine monitoring of the Organization?s security system identified unusual log-in activity on the website Canadiantire.ca. The data breach was discovered on January 7, 2017 as logs were reviewed to determine whether the attack had resulted in any inappropriate access. The Organization?s investigation indicated that an unknown third party obtained customers’ login information (email address and password) for a number of loyalty member accounts from an external source which is believed to be linked to previous privacy breaches in other organizations unrelated to the Organization. There was no breach of the Organization?s safeguards. The Organization took action to suspend the affected accounts. The Organization?s investigation initially found that the cyberattack occurred on January 5 and 6, 2017. However, ongoing monitoring found that attacks of a similar nature occurred at intervals between January 3 and February 6, 2017 as well as on February 14, 21, 27 and 28.

File Type: pdf
File Size: 333 KB
Categories: 2017