In March 2024, Canadian retail chain Giant Tiger made a public announcement regarding a data breach. A threat actor has come forward and publicly taken responsibility for the Giant Tiger Data breach. They have leaked approximately 2.8 million records on a hacker forum, claiming that these records belong to Giant Tiger customers.
To assist users in determining if their information has been compromised, the data breach monitoring service HaveIBeenPwned has added the leaked database to its website. This allows individuals to easily check if their personal information was included in the breach.
Giant Tiger, a discount store chain, operates a network of over 260 stores across Canada and employs approximately 8,000 individuals. The company is actively addressing the breach and working to enhance its security measures to prevent similar incidents in the future.
2.8 Million Customer Details Stolen in Giant Tiger Data Breach
A reputable source, discovered a concerning post on a hacker forum.
The post, titled “Giant Tiger Database – Leaked, Download!”, caught their attention.
The threat actor responsible for the post has boldly claimed to have uploaded the entire database of customer records stolen from Giant Tiger during the data breach that occurred in March 2024.
“In March 2024, the Canadian discount store chain Giant Tiger Stores Limited… suffered a data breach that exposed over 2.8 million clients,”
“The breach includes over 2.8 million unique email addresses, names, phone numbers and physical addresses.”
States the threat actor.
According to the threat actor responsible for the post, the dumped data not only contains customer records but also includes the “website activity” of Giant Tiger customers. This suggests that sensitive information related to the online activities of customers may have been compromised in the breach.
Breach Caused by a third-party vendor
Without commenting on the authenticity of the leaked data, a spokesperson said:
“On March 4, 2024, Giant Tiger became aware of security concern related to a third-party vendor we use to manage customer communications and engagement,”
“We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation.”
“No payment information or passwords were involved.”
Giant Tiger, the affected retail chain, has chosen not to disclose the identity of the third-party vendor involved in the data breach. While the decision to withhold this information may raise questions, it is a common practice for companies to keep the identities of third-party vendors confidential in such situations.
Giant Tiger is likely prioritizing the investigation and remediation of the breach, as well as ensuring the security of their customers’ data, rather than focusing on publicly naming the vendor at this time.
Records Added to HaveIBeenPwned
As of April 12th, the data set from the Giant Tiger breach has been included in the “Have I Been Pwned?” (HIBP) database.
Given this breach, it is crucial for Giant Tiger customers to exercise caution when receiving any suspicious emails or communications claiming to be from the retailer. These could potentially be phishing attempts orchestrated by threat actors seeking to exploit the situation.
While it is important to note that no payment information or passwords were exposed in this particular breach, customers may still consider signing up for an identity monitoring service.
Such services can provide an additional layer of protection against identity theft and related fraudulent activities.