Information Of More Than 2.8 Million Giant Tiger Shoppers Gets Leaked By Hacker

Tyler Cross
Tyler Cross Senior Writer
Published on: April 16, 2024
Tyler Cross Tyler Cross
Published on: April 16, 2024 Senior Writer

The personal data of more than 2.8 million Giant Tiger customers was recently found on a hacker forum.

Researchers with BleepingComputer found a post on the popular hacker website BreachForums titled “Giant Tiger Database – Leaked, Download!” After investigating it, they found that the hacker posted his information essentially for free, allowing anyone to claim it. It’s not yet verified if the hacker had the complete Giant Tiger database or only part of it.

BleepingComputer found a startling amount of private information, including users’ addresses, names, phone numbers, and email addresses all posted in a public forum for anyone to stumble across.

The only cost to see the data was 8 BreachForums credits to access the page (a form of currency used on the forum and obtained by creating posts and responding to others).

“In March 2024, the Canadian discount store chain Giant Tiger Stores Limited … suffered a data breach that exposed over 2.8 million clients,” the hacker writes.

The researchers who found the post speculate that the incident may have been the result of a failed extortion attempt. Hackers typically try extorting companies, using the private data as a ransom. After failing, it’s common for hackers to post the data online as a way of causing harm to the company.

Giant Tiger responded to the incident.

“On March 4, 2024, Giant Tiger became aware of security concern related to a third-party vendor we use to manage customer communications and engagement,” a Giant Tiger spokesperson told BleepingComputer.

“We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation.”

While they declined to provide the name of the third-party vendor that got hacked, they assured customers that “no payment information or passwords” were stolen.

Giant Tiger shoppers are encouraged to remain cautious while opening unsolicited emails, phone calls, or texts, as it’s likely that threat actors will target people whose data they acquired from the breach.

About the Author
Tyler Cross
Tyler Cross
Senior Writer
Published on: April 16, 2024

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."