Holy Smokes!!
I’m going to need you to pay attention to this one…
A threat actor – going by the handle “igotafeeling” on the DarkWeb Informer forum – is claiming to have breached Loblaw. Canada’s largest food and pharmacy retailer. The company behind President’s Choice, No Frills, Shoppers Drug Mart, Real Canadian Superstore and your PC Optimum loyalty points.
The data they’re claiming to have:
75.1 million Salesforce customer PII records – names, emails, phones, addresses, loyalty wallet IDs and health card numbers;
724.9 million Shoppers Drug Mart rows including passwords, tokens, loyalty IDs, payment info, credit card numbers and expiry dates;
129.9 million pharmacy fill request records with prescription numbers and patient IDs;
120.4 million e-commerce fraud-feed records with payment card BINs, last-four digits and expiry dates;
20.2 million Delivery Ops Portal records covering orders, deliveries and postal codes;
3,014 GitLab projects with Loblaw’s full source code;
19.3 million Oracle identity records including MFA device details and credentials;
55.3 million marketing and email records across 673 tables;
Read that again slowly.
Your prescriptions. Your credit card details. Your health card number. Your home address. Your passwords. Your loyalty account data.
All of it potentially sitting in the hands of someone who just posted it on a dark web forum and gave Loblaw until March 19th to respond.
As in… six days from now.
