Company says approximately 1,300 customers affected by Canada Computers data breach
listen to this article
estimated 5 minutes
The audio version of this article has been generated by AI-based technology. There may be mispronunciations. We are working with our partners to continually review and improve results.
Canada Computers & Electronics continues to investigate a data breach that affected hundreds of people, leaving customers frustrated with how the company handled and reported the episode.
“This is something that should not have happened,” said Eric Pimentel, an IT professional who canceled a credit card after being warned by the company that he would potentially be affected — and was later told he was not.
Brad Seward of Toronto also canceled a card after receiving a notification from Canada Computers, before he was advised he was not affected.
“It really seems like this company is everywhere,” Seward said via email.
Canada Computers told CBC News on Tuesday that its “current investigation indicates that 1,284 customers were affected by this incident.”
Richmond Hill, Ontario-headquartered retailer stated earlier On January 22, it learned of a data breach incident involving “unauthorized access to the systems supporting our retail website”, which led to the compromise of personal customer information – including credit card information.
Canada Computers says it took immediate steps to stop the breach. It also informed the authorities and launched an investigation. Affected customers were alerted on January 25.
The breach has been reported to the federal privacy watchdog as well as York Region police.
Pimentel and Seward are among half a dozen customers who told CBC News they received a notification from the company about the breach and were later told it was not accurate.
The company has confirmed that it sent such a message and said it apologizes for the confusion.
“This was a miscommunication,” the company said Tuesday. “Canada Computers sent the original notice to both affected customers and some who were not affected. We confirmed with (the latter) that their customer information was not affected.”
The company did not say how many people had received this follow-up message.
The company says only ‘guests’ were affected by the breach
According to the company, the breach affected customers who checked out their purchases as “guests” on its website between December 29 and January 22 and also entered their personal information.
Pimentel said he did not check out as a guest. But he is not feeling more secure due to the company’s explanation.
“I don’t feel reassured at all,” he said, adding that he expects more transparency from a large retailer like Canada Computers. The company operates more than 30 stores in four provinces, in addition to its retail website.
“This is not some little mom-and-pop shop in a strip mall,” said Pimentel, who lives in Hamilton, Ontario, within driving distance of two of the company’s stores.
Seward similarly said that he had not checked out as a guest during his recent presentation at Computers of Canada.
And although he was told by the company that he was not among the group of affected customers, he said its explanation “does not match my experience.”
Personal information of thousands of workers was sold via the dark web after a data breach at BC Interior Health. The agency has denied this happening. Mark Kelly of the Fifth Estate came to an industry event to ask the minister in charge about it.
Violations may go unnoticed for months
Terry Cutler, CEO of Montreal-based Cylogy Labs, said cybersecurity episodes of this nature often go unnoticed for months before being discovered.
According to his point, IBM publishes an annual report on the costs associated with data breaches. In 2025, It called the global average breach life cycle – The average time required to identify and contain the breach and then restore services – was 241 days or approximately eight months.
John Brueggemann, a Cincinnati, Ohio-based cybersecurity professional at ONX, said there have been suggestions online that customers may have helped bring the problem to Canada Computers’ attention, which could explain why the time period the company is citing is relatively short.
Brueggemann said the company’s description of the incident suggests it has a branch of its website that deals with guest checkout that is separate from purchases made by users with dedicated accounts.
But both he and Cutler say people purchasing as guests are likely doing so for practical reasons. Brueggemann said he generally makes the decision about whether or not to check out as a guest based on whether he or she wants to have further communication with the company.
As for the bigger picture, Cutler said the shelf life of stolen data can be long, because “cyber criminals can get to it weeks, months, years later.”
To that end, Canada Computers says it has provided guidance to affected customers “on the security of their personal and financial information” and offered them two years of credit monitoring and identity theft protection.
