Major Canadian retail chain Giant Tiger had a database containing information from more than 2.8 million customers exposed by a threat actor who claimed responsibility for targeting the discount store chain last month, BleepingComputer reports.
Included in the data dump, which has already been added to the Have I Been Pwned? data breach monitoring service, were Giant Tiger customers' names, physical and email addresses, phone numbers, and website activity, said the threat actor, who has enabled database access to anyone willing to spend "eight credits" on the hacking forum that could be earned via new post or comment contributions.
No confirmation of the legitimacy of the exposed data was provided by Giant Tiger but the firm said that it had been compromised as a result of a cyberattack against a third party in early March.
"We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation," said a Giant Tiger spokesperson, who emphasized that the attack did not impact any passwords or payment details.
