Hacker claims responsibility for Giant Tiger hack, leaks millions of records online
Sensitive data on almost three million Giant Tiger customers leaked
A hacker has claimed responsibility for a recent data breach at Giant Tiger which resulted in the leak of sensitive information belonging to millions of customers.
BleepingComputer recently spotted a new thread on an underground forum titled “Giant Tiger Database - Leaked, Download!” which included a post from the threat actor claiming, "In March 2024, the Canadian discount store chain Giant Tiger Stores Limited... suffered a data breach that exposed over 2.8 million clients. The breach includes over 2.8 million unique email addresses, names, phone numbers and physical addresses."
Besides this information, the database also includes “website activity” of Giant Tiger customers, the leaker claimed.
Giving it away
Giant Tiger has more than 260 stores across Canada, and in 2021, reported annual sales of approximately $2 billion, and 10,000 employees.
In a statement given to BleepingComputer, Giant Tiger essentially confirmed the leak, shifting the blame to an unnamed third party:
"On March 4, 2024, Giant Tiger became aware of security concern related to a third-party vendor we use to manage customer communications and engagement," the statement reads. “We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation."
"No payment information or passwords were involved."
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
While this type of data is usually sold on the dark web, in this case, it was basically given out for free. Whoever wanted to obtain it only needed to spend 8 forum “credits”, a virtual forum currency that is obtained by posting new threads, commenting, and generally participating in forum activities.
The database has since been added to the HaveIBeenPwned? website, where it was said that almost half (46%) of the records were already present. That means that some of the Giant Tiger customers were already compromised in the past, elsewhere.
More from TechRadar Pro
- One of the biggest data leaks ever has just been revealed - here's what to do if you've been hit
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.