T&T supermarket chain in Canada discloses hack affecting 58,000 customers; issues warning about malware

Posted on by Dissent

Seen at InsideToronto.com:

The website of Canada’s largest Asian supermarket chain has been hacked.

Richmond, BC-based T&T Supermarket Inc, which has three locations in Toronto (two in Scarborough and one in the port lands), advised the public of “unauthorized and illegal intrusions” on its website – www.tnt-supermarket.com – in a June 24 press release.

The security breaches happened June 6, 7 and 11, and from June 14 to 17.

T&T estimates the personal information of up to 58,000 customers on its database may have been compromised. The computers of some customers could have also been exposed to malware.

The supermarket chain noted in the release that it does not collect credit card information, driver’s license, dates of birth or social insurance numbers throughout its website.

The data that may have been compromised includes usernames, passwords, first and last names, ages, genders, email and street addresses, city, province, postal codes, cell phone and other phone numbers and fax information. The information submitted to T&T by job applicants may have also been accessed by the hackers.

Those who visited the site on June 6, 7 or 11 and who either applied for a job or placed product orders for in-store pick up may have been unknowingly redirected to a non-T&T website that instructed them to start a scan by clicking a button on the screen, which could have activated the download of additional software in an attempt to gather their personal data.

A similar scenario may have also happened from June 14 to 17.

T&T expressed its regret at the security breach and urged anyone who receives any communications from anyone purporting to be from T&T to not provide any personal information under any circumstances.

The supermarket chain, which has been owned by Loblaws Companies Ltd. since July 2009, has advised that it will not be contacting customers by any means to request they provide personal data, especially sensitive information like credit card numbers.

T&T, which has been in contact with relevant privacy commissioners, will notify the affected individuals it is aware of.

[…]

Read more on InsideToronto.com

Category: Breach IncidentsBusiness SectorHackMalwareNon-U.S.