���߲ݴ�ý

What personal information was exposed in the breach?

Canadian Tire  happened Oct. 2 and involved customer information in its e-commerce database. While it did not share how many were impacted, the company said the exposed database contained the personal information of customers who have an e-commerce account with one or more of Canadian Tire, SportChek, Mark’s/L’Équipeur and Party City.

The compromised information includes names, addresses, emails, year of birth, encrypted passwords and, in some cases, incomplete credit card numbers, which the company said cannot be used for purchases or to gain access to the accounts.

Fewer than 150,000 accounts had their date of birth compromised. The hack was also limited to the database and did not include Canadian Tire bank information or Triangle Rewards loyalty, the company said in a news release.

Canadian Tire has identified those affected and will be contacting them to notify of the incident and offer free credit monitoring. Those impacted should receive an email from TransUnion Canada on behalf of Canadian Tire.

The incident has also been reported to privacy regulators, and the company is now working with external experts who are monitoring their systems, the company shared.

There was no impact on in-store transactions and all e-commerce systems remain operational, it added.

What to do if your data gets compromised in a breach or as part of a scam

While Canadian Tire says no action is required from customers other than waiting for the email notification with the next steps, customers are advised to use strong passwords and enable multi-factor authentication (MFA) wherever possible.

AI and cybersecurity expert Abbas Yazdinejad, a post-doctoral fellow in the Artificial Intelligence and Mathematics Modelling Lab at the University of Toronto said adding to the door of your online life.

“This ensures any access the scammer gains is cut off,” he said, adding that the key is to act quickly. Yazdinejad also recommends using a password manager that can automatically generate and remember unique passwords for each accounts.

Those who believe the exposed information can be used by hackers for identity theft can contact credit bureaus to ask about credit freezes or fraud alerts.

A fraud alert informs lenders they may be a victim of identity theft and should take extra steps to verify identity before opening a new credit, while a credit freeze prevents new credit checks entirely, Yazdinejad explains.

These can help stop hackers and scammers from applying for loans or credit cards using stolen information.

It’s also a good idea to get a copy of your credit report and look for any new accounts or inquiries you don’t recognize, he adds.

“Early detection is crucial. For instance, noticing an unfamiliar loan on your credit report could tip you off that someone tried to use your identity.”

Watch out for followup scams

Scammers may either use your information for followup fraud immediately or attempt something later when they think you’ve let your guard down, he warned.

Monitor your inbox for suspicious emails and double-check your bank statements the next couple of days, weeks and months, he advised.

The new danger, Yazdinejad explains, is “phishing 2.0.”

Traditional phishing emails full of typos and odd grammar are becoming a thing of the past. New AI language models, the same technology behind chatbots, are now enabling scammers to generate polished, professionally looking or even personalized messages using information from data breaches or those scraped from public social media accounts, he explained.

A polished email that’s free from typos and grammatical errors doesn’t make the message legitimate. Experts advise users who receive emails, especially ones asking for sensitive information, to reach out to the company directly using the number on its official site or app to verify.