Toys “R” Us Canada has informed customers about a data breach that could have exposed their personal details. The toy store revealed in an email sent to shoppers on Thursday that it became aware on July 30 of information being shared on the “unindexed Internet” claiming to have been taken from the company’s databases.
It remains uncertain whether Toys “R” Us Canada was referring to the deep web, a segment of the internet that is challenging to access since it is not indexed by search engines, or the dark web, which is accessible through specific software and is often associated with unlawful activities.
The company did not immediately respond to inquiries about the breach email or provide reasons for the delay in notifying customers about the incident. According to the Office of the Privacy Commissioner of Canada, companies are obliged by law to inform individuals whose personal information may have been compromised “as soon as feasible.”
While the company’s communication to customers mentioned that upon learning about information linked to the company circulating online, Toys “R” Us Canada engaged cybersecurity professionals to conduct an investigation. The experts confirmed that unauthorized third parties had copied the records.
Toys “R” Us Canada stated that the breached records might contain customers’ names, addresses, emails, and phone numbers. However, it clarified that no passwords, credit card details, or similarly sensitive data were involved in the breach. The company also indicated that there was no evidence of any misuse of the compromised information.
The email from Toys “R” Us Canada expressed regret for any inconvenience caused by the incident and assured customers of their commitment to enhancing security measures to prevent similar occurrences in the future. The company mentioned that it is in the process of reporting the breach to privacy regulators and has sought legal guidance for assistance.
Vito Pilieci, a spokesperson for the Office of the Privacy Commissioner of Canada, stated in an email that they are aware of the breach and have contacted Toys “R” Us Canada to gather more information and determine the next steps.
Toys “R” Us Canada advised customers to be cautious of responding to any unexpected or unsolicited emails or text messages claiming to be from the company, as they could be fraudulent. The company also warned against clicking on links or downloading attachments from suspicious emails and highlighted the importance of being vigilant against phishing and spoofing attempts.
Cybersecurity incidents have been recently reported at Canadian Tire Corp. Ltd. this month. Over the past year, breaches have affected Nova Scotia Power, the College of New Caledonia in Prince George, B.C., and PowerSchool, a provider of educational software used by numerous schools.
Statistics from Statistics Canada reveal that the number of police-reported cybercrimes in the country surged to 92,567 last year from 65,141 in 2020. Among these crimes, fraud constituted 46,301 cases, while identity theft and identity fraud accounted for 957 and 4,283 instances, respectively.