- Hackers leaked customer data from Toys “R” Us Canada, exposing names, emails and phone numbers
- The company hired cyber security experts, strengthened defenses and notified affected customers and authorities
- No passwords stolen, but the risk of phishing and identity theft remains high
Cybercriminals recently stole and leaked Toys “R” Us Canada’s customer information, putting numerous people at risk of phishing, identity theft and other scams.
The company has begun notifying affected customers of the incident, and in a letter that was quickly shared on social media, the company said it became aware of the breach after hackers posted about it on the dark web.
In response, Toys “R” Us hired a third-party cybersecurity firm for forensic analysis and assessment and determined that a “subset of customer records” had been stolen.
Strengthening of security
The letter does not discuss how many people were affected, but it did say that the attackers got away with people’s names, postal addresses, email addresses and phone numbers.
“We would like to emphasize that no passwords, credit card information, or similar confidential data were involved in this incident,” the letter said.
Further, the company said it already had “strong protection” in place across its IT systems, but was still strengthening it with a “number of enhanced security measures” to prevent future intrusions.
There was no word on who the attackers were or how they managed to break in. It just said that so far there is no evidence that the data has been misused.
Valid names, emails and phone numbers are valuable to cybercriminals who can use them for phishing, identity theft and other scams, so it’s safe to say it’s only a matter of time before customers start getting emails spoofing Toys “R” Us or similar companies.
The company said it is currently in the process of notifying the appropriate authorities and urged customers to be vigilant and not respond to unsolicited requests for information, never click on links or attachments from suspicious emails and generally be wary of phishing and spoofing attempts.
So far, no threat actors have claimed responsibility for this attack.
Via Bleeping Computer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
The best antivirus for all budgets
