Toys ‘R’ Us Canada notifies customers of breach that may have compromised personal data
Toys “R” Us Canada has notified customers about a data breach it says may have compromised their personal information.
In an email sent to shoppers Thursday morning, the toy store said it learned on July 30 that someone had posted information claiming to be stolen from the business’s database on the “unindexed Internet.”
It is unclear whether Toys “R” Us Canada was referring to the deep web, a part of the Internet that is difficult to access because it is not indexed by search engines, or the dark web, which is accessed through software and is often a haven for criminal activity.
The company did not immediately respond to a request for comment on the breach email or explain why it took so long to notify customers about the incident. The website of the Office of the Privacy Commissioner of Canada says the law requires companies to notify individuals whose personal information may have been breached “as soon as possible.”
However, its message to customers said that after being notified that information belonging to the company was being circulated online, Toys “R” Us Canada hired cyber security experts to investigate. He confirmed that the records were copied by an unauthorized third party.
The company said the records breached may have included customers’ names, addresses, emails and phone numbers.
A security expert and a privacy expert discuss what the Capital One hack means for you and how Canadians can protect their information.
It said the incident did not involve any passwords, credit card details or similar confidential data and the company has seen no evidence that any of the compromised information was misused.
“We apologize for any inconvenience or concern this incident may have caused you,” the email from Toys “R” Us Canada said.
“We are committed to improving our security and are constantly working to upgrade our systems to prevent a similar incident from happening again.”
The company said it is in the process of reporting the incident to privacy regulators and has engaged legal counsel to assist in the process.
Vito Pilisi, a spokesperson for the Office of the Privacy Commissioner of Canada, said in an email that the organization is aware of the breach and has contacted Toys “R” Us Canada to get more information and determine next steps.
Toys “R” Us Canada urged customers to avoid responding to any “unexpected” or “unsolicited” emails or text messages coming from Toys “R” Us. The company said, these messages may be fraudulent.
It advised shoppers not to click on links or download attachments from suspicious emails and said they should be wary of phishing and spoofing attempts.
54:36The value of your data and how to protect it
Phishing occurs when scammers impersonate trusted people or use website login forms to trick victims into entering or revealing sensitive information such as passwords or credit card numbers.
Spoofing is when someone manipulates information to appear trustworthy , For example, Toys “R” Us Canada says the email address of the spoof sender may contain an additional symbol or letter different from the actual business email address.
Cybersecurity issues have emerged this month at Canadian Tire Corp. Ltd. Last year, breaches also ensnared Nova Scotia Power, the College of New Caledonia in Prince George, B.C., and PowerSchool, a maker of education software used by many schools.
Statistics Canada data shows the number of police-reported cyber crimes in the country was 92,567 last year, up from 65,141 in 2020. Fraud alone accounted for 46,301 crimes, while identity theft accounted for 957 and identity fraud accounted for 4,283.
