Millions of Giant Tiger customers possibly affected by data breach

Threat Actor: ShopifyGUY | ShopifyGUY
Victim: Giant Tiger | Giant Tiger
Price: 8 credits
Exfiltrated Data Type: Email addresses, names, phone numbers, physical addresses, and website activity

Additional Information:

  • The threat actor claims responsibility for hacking Giant Tiger and leaking 2.8 million records on a hacker forum.
  • Giant Tiger is a Canadian discount store chain with over 260 stores across Canada.
  • The compromised data includes email addresses, names, phone numbers, physical addresses, and website activity.
  • Financial data was not impacted in the alleged incident.
  • Customers can check if their data is in the leaked archive by using the data breach monitoring service HaveIBeenPwned.
  • The security concerns were related to a third-party vendor.

Possible rewrite: “ShopifyGUY claims responsibility for hacking Giant Tiger and leaking 2.8 million customer records, including email addresses, names, phone numbers, physical addresses, and website activity. The breach did not affect financial data. Customers can check if their data is in the leaked archive using HaveIBeenPwned. The security concerns were related to a third-party vendor.”

A threat actor, who goes online with the moniker ShopifyGUY, claimed responsibility for hacking the Canadian retail chain Giant Tiger and leaked 2.8 million records on a hacker forum.

Giant Tiger is a Canadian discount store chain that operates over 260 stores across Canada. The threat actor responsible for the post claims to have uploaded the complete database of the company that was stolen in March 2024.

The threat actor behind the post claims to have uploaded the “full” database of Giant Tiger customer records stolen in March 2024. The compromised data include email addresses, names, phone numbers, physical addresses, and website activity. Financial data was not impacted in the alleged incident.

“In March 2024, the Canadian discount store chain Giant Tiger Stores Limited (https://www.gianttiger.com/) suffered a data breach that exposed over 2.8 million clients. The breach includes over 2.8 million unique email addresses, names, phone numbers and physical addresses. The data was breached by @ShopifyGUY” reads the announcement published by ShopifyGUY on Breachforums.

Every member of the forum can download the archive for 8 credits.

Customers of the Canadian retail chain can check for the presence of their data in the leaked archive by querying the data breach monitoring service HaveIBeenPwned.

BleepingComputer reached the retail company that confirmed they became aware of security concerns related to a third-party vendor.

(SecurityAffairs – hacking, Giant Tiger)

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini



Original Source: https://securityaffairs.com/161811/cyber-crime/giant-tiger-data-breach.html