Canadian retail giant Loblaw confirms cyber intrusion exposed basic customer information

Loblaw Companies Limited, Canada’s largest food and pharmacy retailer, disclosed that a criminal third party breached a portion of its IT network and accessed basic customer information after suspicious activity was detected on a contained segment of the company’s systems.

The company identified the intrusion earlier this week after security monitoring revealed unusual activity within a non-critical part of its network. An internal investigation determined that the attacker gained access to limited personal information, including customer names, phone numbers, and email addresses.

Loblaw stated that the exposed data involves personally identifiable information that could potentially be used in phishing campaigns or other fraudulent communications. Customers have been advised to remain cautious about unexpected messages or contact attempts from unknown senders.

The retailer’s investigation has not uncovered evidence that financial information or sensitive credentials were compromised. Credit card details, health information, and account passwords appear to remain secure based on the findings so far.

As a precaution, the company automatically logged customers out of their online accounts. Individuals seeking to access Loblaw’s digital services must log in again, and customers are encouraged to change their passwords to strengthen account security.

The review also indicates that PC Financial, Loblaw’s financial services brand, was not affected by the incident.

The number of customers whose information may have been accessed has not been disclosed.

No known ransomware or cybercrime group has publicly claimed responsibility for the intrusion, and no Loblaw data has surfaced for sale on underground forums.

Loblaw operates one of the largest retail networks in Canada, with roughly 2,500 locations nationwide that include supermarkets, pharmacies, banking kiosks, and apparel outlets. The company employs about 220,000 people and generates approximately $45 billion in annual revenue.

Its major banners and brands include Loblaws, Real Canadian Superstore, No Frills, Maxi, President’s Choice, PC Optimum, and Joe Fresh. The company is currently pursuing a five-year expansion strategy that includes opening about 70 new stores this year as part of a planned $10 billion investment through 2030.

The disclosure comes amid a series of cybersecurity incidents affecting major companies, highlighting ongoing risks to customer data across large consumer-facing organizations.