Loblaw is reacting to a breach of its new PC Optimum points card program.
Hackers in Quebec stole millions of points from customers in other provinces and spent them here. It's now reimbursing affected customers, and advising them to strengthen their passwords.
There are concerns that more than just points were stolen, said Danielle Ferron, a lawyer specializing in cyber-security.
“For sure there is a question of what else the hackers accessed. What information was available? Depending how the information was controlled by the company, how it was segmented internally, it can make a huge difference between having just a bit of information on a customer and having all of their data.” She said.
Ferron believes people may be too trusting when it comes to giving out our personal information.
“Statistics show that about 90 per cent of companies have been victims of hackers already, so there are so many cyber incidents nowadays, I don’t think anything is safe. It’s just a question of attempting to make things as protected as possible and be ready to respond when there’s an incident,” she said.
“I think people need to be aware that our data is private, it’s sensitive and we need to understand when we give our data, what it is going to be used for. And companies need to determine what data do they really need, how long are they going to keep it, and who in the company has access to this data. So there are a lot of questions,” said Ferron.
The grocery giant merged its PC points card with Optimum earlier this year.
Loblaw was recently found to be part of bread-price fixing scheme. As a penalty, it offered it has customers $25 gift cards, which they have to get online.