Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Hacker claims responsibility for Giant Tiger hack, leaks millions of records online

An abstract image of a cloud raining data.

A hacker has claimed responsibility for a recent data breach at Giant Tiger which resulted in the leak of sensitive information belonging to millions of customers.

BleepingComputer recently spotted a new thread on an underground forum titled “Giant Tiger Database - Leaked, Download!” which included a post from the threat actor claiming, "In March 2024, the Canadian discount store chain Giant Tiger Stores Limited... suffered a data breach that exposed over 2.8 million clients. The breach includes over 2.8 million unique email addresses, names, phone numbers and physical addresses."

Besides this information, the database also includes “website activity” of Giant Tiger customers, the leaker claimed.

Giving it away

Giant Tiger has more than 260 stores across Canada, and in 2021, reported annual sales of approximately $2 billion, and 10,000 employees. 

In a statement given to BleepingComputer, Giant Tiger essentially confirmed the leak, shifting the blame to an unnamed third party:

"On March 4, 2024, Giant Tiger became aware of security concern related to a third-party vendor we use to manage customer communications and engagement," the statement reads. “We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation."

"No payment information or passwords were involved."

While this type of data is usually sold on the dark web, in this case, it was basically given out for free. Whoever wanted to obtain it only needed to spend 8 forum “credits”, a virtual forum currency that is obtained by posting new threads, commenting, and generally participating in forum activities. 

The database has since been added to the HaveIBeenPwned? website, where it was said that almost half (46%) of the records were already present. That means that some of the Giant Tiger customers were already compromised in the past, elsewhere.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.