P2019-ND-149

Loblaw Companies Ltd.

The Organization launched a new loyalty program on February 1, 2018. After the launch, the Organization identified suspicious spikes in traffic. The first attack noted was on February 14, 2018, followed by attacks on other ecommerce websites in March 2018 (PC Optimum, Joe Fresh and Digital Pharmacy). The Organization investigated, and determined the PC Optimum website was targeted by automated bots in an attempt to authenticate members? login credentials (i.e. email address and password) and then use these credentials to access member accounts. With respect to Digital Pharmacy, the threat actor(s) were not able to access any personal information in patients? online accounts. Nonetheless, the Organization determined that the threat actor(s) were likely using the ecommerce and Digital Pharmacy sites to authenticate credentials in order to access member accounts and steal points. The Organization ?believes that stolen login credentials (i.e. email addresses and passwords) from previous mass security breaches (e.g. Yahoo and LinkedIn) were used by threat actors in attempts to access the large number of recently created PC Optimum accounts?.

File Type: pdf
Categories: 2019
Tags: Loss