According to an email sent out to Loblaws account holders, the security of a ‘small number’ of accounts has been compromised, marking the second time the company has suffered a security breach this year.
The last time Loblaws’ websites suffered a breach, the company reset all subscriber passwords, though in that case the issue only affected Loblaws’ PC Plus Program. As it stands right now, it doesn’t look like Loblaws is opting for that strategy this time, though the company does recommend users reset their passwords as a security precaution.
Comprised websites include Loblaws.ca, Joefresh.com and Beautyboutique.ca, as well as other Loblaws grocery chain websites.
“On behalf of Loblaw Companies Limited, we are writing to inform you of recent unauthorized online activity, which may have impacted a small number of user accounts on our websites,” reads the email sent out to those affected by the breach.
Great. Someone is trying to hack my $3.21 in Loblaws points. It took me three years to build them up. pic.twitter.com/woYIM6jeLT
— Steve Ladurantaye (@ladurantaye) July 19, 2017
When the first PC Plus account breach occurred back in February 2017, Loblaws released the following statement about the incident:
“In recent weeks, we have observed some unusual activity on select PC Plus accounts. Our investigation indicates that the PC Plus system has been the target of fraud, resulting in some members having their points stolen. We believe the principle cause is passwords exposed through third party websites or weak passwords.”
We’ve reached out to Loblaws for more information regarding the data breach.