Toys “R” Us Canada has informed customers about a data breach that may have exposed their personal details. The toy store disclosed in an email to shoppers that on July 30, it became aware of information posted on the “unindexed Internet” claiming to have been taken from its databases.
It is uncertain whether Toys “R” Us Canada was referring to the deep web, a section of the internet that is challenging to access as it is not indexed by search engines, or the dark web, which is accessible through specific software and is often associated with illegal activities.
The company did not initially respond to inquiries regarding the breach email or provide reasons for the delay in notifying customers about the incident. As per the Office of the Privacy Commissioner of Canada’s guidelines, companies are mandated to inform individuals whose personal data may have been compromised “as soon as feasible.”
Although the company did not elaborate on the breach email, it mentioned that upon learning about the online circulation of information believed to be linked to the company, it engaged cybersecurity experts to investigate. The experts confirmed that unauthorized third parties had copied the records.
Toys “R” Us Canada stated that the breached records potentially include customers’ names, addresses, emails, and phone numbers. However, it assured that no passwords, credit card details, or sensitive data were affected in the breach, and there is no evidence of misuse of the compromised information.
The company expressed regret for any inconvenience caused by the incident and affirmed its commitment to enhancing security measures to prevent similar occurrences in the future. It also indicated that it is in the process of reporting the breach to privacy regulators and has sought legal assistance for this purpose.
Vito Pilieci, a spokesperson for the Office of the Privacy Commissioner of Canada, confirmed the organization’s awareness of the breach and mentioned reaching out to Toys “R” Us Canada for further details and next steps.
Toys “R” Us Canada advised customers to be cautious of responding to any unexpected or unsolicited emails or text messages purportedly from the company, as they could be fraudulent. Additionally, it warned against clicking on links or downloading attachments from suspicious emails and highlighted the importance of vigilance against phishing and spoofing attempts.
Cybersecurity incidents have been reported recently at Canadian Tire Corp. Ltd., and over the past year, breaches have affected entities like Nova Scotia Power, the College of New Caledonia in Prince George, B.C., and PowerSchool, a provider of educational software used by numerous schools.
According to Statistics Canada data, the country witnessed an increase in police-reported cybercrimes, reaching 92,567 cases last year compared to 65,141 in 2020. Fraud accounted for 46,301 of these crimes, with identity theft comprising 957 cases and identity fraud 4,283 incidents.