Cyber Incident Victim: Giant Tiger
Date: Mar 2024
Location: Canada
Summary
A Canadian discount retailer experienced a cybersecurity breach impacting customer data managed by a third-party vendor. Unauthorized access compromised varying information depending on customer interactions: email subscribers and website account holders had names and email addresses exposed; loyalty program members additionally had phone numbers accessed; online delivery orders included street addresses, while pickup orders did not. No financial data or passwords were involved. The retailer engaged cybersecurity experts for an independent investigation, initiated direct notifications to affected individuals, and cautioned against potential phishing attempts impersonating the company. It expressed regret for the incident and emphasized efforts to resolve it transparently while reinforcing commitments to privacy protection and preventative best practices.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Giant Tiger, a Canadian discount retail chain, publicly disclosed a cybersecurity breach involving customer information on Saturday, March 4, 2024, though the exact date of the vendor breach discovery remains unspecified. The company identified unauthorized access to a third-party vendor system responsible for managing customer interactions, through which an external actor obtained copies of personal data. The compromised information varied based on customer engagement channels: individuals subscribed to Giant Tiger emails or holding website accounts had names and email addresses exposed; GT VIP loyalty program members additionally had phone numbers compromised. Customers who placed online delivery orders had names, email addresses, street addresses, and phone numbers accessed, while those who opted for in-store pickup had names, email addresses, and phone numbers impacted. The breach did not involve credit card details, payment information, or account passwords according to the retailer’s assessment.

Giant Tiger initiated response measures by engaging cybersecurity experts to conduct an independent investigation following the breach detection. The company committed to direct notification of all affected customers, though the notification method and timeline were not detailed in their public statement. Giant Tiger issued warnings regarding potential phishing attempts via email, physical mail, text messages, or phone calls impersonating the brand. In their March 4 announcement, the organization expressed regret over the incident and emphasized efforts to resolve it transparently while reinforcing commitments to privacy protection and cybersecurity best practices. The retailer did not disclose the number of affected individuals, geographic scope of impacted customers, operational disruptions, or specific containment actions taken beyond the investigative partnership.
