P2022-ND-059

Canadian Tire Corporation

On August 11, 2022, a threat actor used credentials compromised in previous breaches from unrelated third-party companies to gain access to accounts of users who use the same credentials with the Organization and utilized a configuration error on an application programming interface (API) to circumvent security safeguards. The breach was discovered by the Organization on September 11, 2022. The breach affected certain Triangle Reward accounts and certain Canadian Tire accounts.

File Type: pdf
Categories: 2022
Tags: Unauthorized access