Toys “R” Us Canada has informed customers about a security breach that may have exposed their personal data. The toy retailer disclosed in an email to shoppers that on July 30, it became aware of information posted on the “unindexed Internet” alleging theft from its databases.
It remains unclear whether the reference by Toys “R” Us Canada was to the deep web, a part of the internet not easily accessible through search engines, or the dark web, known for illicit activities and accessed through specialized software. The company did not initially respond to inquiries regarding the breach notification delay, as the law mandates timely notification of individuals affected by potential data breaches.
Despite the delay, Toys “R” Us Canada took action upon learning that data linked to the company was circulating online. The company engaged cybersecurity experts to investigate, confirming that unauthorized third parties had copied the records. The compromised data may include customer names, addresses, emails, and phone numbers.
Fortunately, no passwords, credit card details, or other sensitive information were compromised in the incident, and there is no evidence of misuse of the exposed data. The company expressed regret for any inconvenience caused and reassured customers of ongoing efforts to enhance security measures and prevent similar incidents in the future.
Toys “R” Us Canada is in the process of reporting the breach to privacy regulators and has sought legal counsel for assistance. The Office of the Privacy Commissioner of Canada is aware of the breach and is collaborating with the company to gather more details and determine necessary steps.
The company advised customers to be cautious of any unexpected or unsolicited communications claiming to be from Toys “R” Us, as they could be fraudulent. It also warned against clicking on suspicious email links or downloading attachments to avoid falling victim to phishing or spoofing attempts.
Cybersecurity incidents have been highlighted at various organizations recently, including Canadian Tire Corp. Ltd. and breaches at Nova Scotia Power, the College of New Caledonia, and PowerSchool. Statistics from Statistics Canada reveal a significant increase in reported cybercrimes in the country, with fraud, identity theft, and identity fraud being notable categories.
Maintaining vigilance and safeguarding personal information remain crucial in the face of escalating cyber threats.