Canadian retail chain Giant Tiger data breach may have impacted millions of customers

Canadian retail chain Giant Tiger data breach may have impacted millions of customers

A threat actor claimed the hack of the Canadian retail chain Giant Tiger and leaked 2.8 million records on a hacker forum.

A threat actor, who goes online with the moniker ShopifyGUY, claimed responsibility for hacking the Canadian retail chain Giant Tiger and leaked 2.8 million records on a hacker forum.

Giant Tiger is a Canadian discount store chain that operates over 260 stores across Canada. The threat actor responsible for the post claims to have uploaded the complete database of the company that was stolen in March 2024.

The threat actor behind the post claims to have uploaded the “full” database of Giant Tiger customer records stolen in March 2024. The compromised data include email addresses, names, phone numbers, physical addresses, and website activity. Financial data was not impacted in the alleged incident.

“In March 2024, the Canadian discount store chain Giant Tiger Stores Limited (https://www.gianttiger.com/) suffered a data breach that exposed over 2.8 million clients. The breach includes over 2.8 million unique email addresses, names, phone numbers and physical addresses. The data was breached by @ShopifyGUY” reads the announcement published by ShopifyGUY on Breachforums.

Every member of the forum can download the archive for 8 credits.

Customers of the Canadian retail chain can check for the presence of their data in the leaked archive by querying the data breach monitoring service HaveIBeenPwned.

BleepingComputer reached the retail company that confirmed they became aware of security concerns related to a third-party vendor.

(SecurityAffairs – hacking, Giant Tiger)

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini