Threat actor leaks info of 2.8 million Giant Tiger shoppers online

A threat actor operating on the underground forum called BreachForums has recently leaked the personal information of 2.8 million Giant Tiger shoppers.

According to a public listing posted on April 12, the hacker stole 2.8 million unique email addresses, alongside names, phone numbers, physical addresses, and website activity from the Canadian retail giant last month.

"In March 2024, the Canadian discount store chain Giant Tiger Stores Limited... suffered a data breach that exposed over 2.8 million clients," the post reads.

Investigators at BleepingComputer who analyzed the listing say that the database is available for download to members who spend eight forum credits, and that the threat actor conceded to requests from members who wanted to see a sample of the stolen data.

“The data set has been leaked essentially for free,” BleepingComputer said. “Although the download link to the set has to be unlocked by spending ‘8 credits,’ such credits are typically trivially generated by forum members by, for example, commenting on existing posts or contributing new posts.”

Although the alleged customer data has not been officially verified, a Giant Tiger spokesperson told BleepingComputer that the customer contact information was exfiltrated from one of the company’s third-party vendors.

"On March 4, 2024, Giant Tiger became aware of security concerns related to a third-party vendor we use to manage customer communications and engagement," Giant Tiger said. "We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation. No payment information or passwords were involved."

What can hackers do with stolen contact information?

While the leaked data may not seem high value, threat actors can do a lot of harm with your contact details by targeting you with phishing emails, texts or phone calls and tricking you into divulging sensitive information such as passwords and credit card numbers.

To stay safe and fend off risks, customers are advised to closely monitor their accounts and be highly vigilant for suspicious messages or phone calls.

We also advise users to pay close attention to unsolicited friend requests that may arrive through social media platforms and ensure that their accounts are set to private.

Need help navigating through the data breach pandemic and protecting your identity?

Use Bitdefender Digital Identity Protection to stay on top of data breaches. It offers 24/7 alerts, a complete overview of your online footprint, and the industry's first Identity Protection Score, which helps you quickly understand the extent of a data breach and how it can impact your safety and wellbeing.