A hacker has claimed responsibility for a recent data breach at Giant Tiger which resulted in the leak of sensitive information belonging to millions of customers.
BleepingComputer recently spotted a new thread on an underground forum titled “Giant Tiger Database – Leaked, Download!” which included a post from the threat actor claiming, “In March 2024, the Canadian discount store chain Giant Tiger Stores Limited… suffered a data breach that exposed over 2.8 million clients. The breach includes over 2.8 million unique email addresses, names, phone numbers and physical addresses.”
Besides this information, the database also includes “website activity” of Giant Tiger customers, the leaker claimed.
Giving it away
Giant Tiger has more than 260 stores across Canada, and in 2021, reported annual sales of approximately $2 billion, and 10,000 employees.
In a statement given to BleepingComputer, Giant Tiger essentially confirmed the leak, shifting the blame to an unnamed third party:
“On March 4, 2024, Giant Tiger became aware of security concern related to a third-party vendor we use to manage customer communications and engagement,” the statement reads. “We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation.”
“No payment information or passwords were involved.”
While this type of data is usually sold on the dark web, in this case, it was basically given out for free. Whoever wanted to obtain it only needed to spend 8 forum “credits”, a virtual forum currency that is obtained by posting new threads, commenting, and generally participating in forum activities.
The database has since been added to the HaveIBeenPwned? website, where it was said that almost half (46%) of the records were already present. That means that some of the Giant Tiger customers were already compromised in the past, elsewhere.
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews