P2018-ND-027

Canadian Tire Corporation Limited

The Organization previously reported that, in January 2017, routine monitoring of the Organization?s security system identified unusual log-in activity on the website Canadiantire.ca. The Organization?s investigation indicated that an unknown third party obtained customers’ login information (email address and password) for a number of loyalty member accounts from an external source. The cyberattack occurred on January 5 and 6, 2017. However, ongoing monitoring found that attacks of a similar nature occurred at intervals between January 3 and February 6, 2017 as well as on February 14, 21, 27 and 28. The Organization is now reporting that, due to enhanced monitoring and detection capabilities, it has detected suspicious log-in activity that ?is an evolution of the form of cyber attack used earlier this year? and ?between September 19 and November 21, this account access activity increased somewhat in volume.? Further, ?In the more recent subsequent incidents identified, new VPNs not previously identified with suspicious activity were employed to effect the account access.?

File Type: pdf
Categories: 2018
Tags: Unauthorized access