Companies take different approaches in response to recent cyberattacks
Letters sent to some Sobeys customers and employees about a cyberattack nearly four months ago highlight the different approaches being taken by companies on how and when to share information about recent data breaches.
In a written statement, Sobeys says there’s no evidence of any personal information being taken from the Nov. 1, 2022 breach, and that letters to some customers and employees were being sent “out of an abundance of caution.” The company re-sent the same written statement when asked how many letters had been delivered and if more could be sent.
Empire Company Ltd. has been reluctant to answer pointed questions about the breach and its breadth, which prevented prescriptions from being filled at Sobeys and Lawtons locations for four days. Initially, the company would only call the incident an “IT systems issue” in public statements.
A version of one of the Feb. 13 letters obtained by CTV was received by an employee who last worked for an Empire Company Ltd. business more than a decade ago. The letter urged the recipient to be vigilant for potential phishing attempts and unsolicited communications.
David Shipley, the CEO of Beauceron Security Inc. based in Fredericton, says the letters are a positive development following a long-delay of information from Sobeys.
“I can’t really understand the communications approach on this one,” says Shipley. “The communications approach from the get-go on this one has probably been one of the weaker elements of the response.”
“There’s a lot of really good lessons for others to learn from this in terms of the importance of a very good communications plan, along with all of the other technical recovery plans.”
In late January, Running Room confirmed it's website was hit with a data breach and that some passwords and credit card information had been accessed between Nov. 19, 2022 and Jan. 18.
Indigo Books and Gifts said it was forced to remove its website on Feb. 8 after a cybersecurity incident. The company has since launched a temporary website where customers can browse products with no online abilities to buy. Indigo says credit and debit card information wasn’t compromised during its cyberattack.
A "frequently asked questions" page is included on the Indigo and Running Room websites regarding the separate breaches. There is no such information to be found on the Sobeys website.
Shipley says it’s important for customers and employees to hold companies accountable for data breaches, but not to outright blame them.
“They’re not the bad guys,” says Shipley. “The bad guys or gals who did this are the criminals or others who perpetrated the crime. What’s important for us all to remember is that when we blame victims for these kinds of crimes we create a culture of shame, and then people don’t want to be transparent.”
“The biggest loss of that is that we don’t get the information we need to understand what the real risks were. Nor do other companies get the valuable insights on things they could learn.”
A January 2023 report from IT security company Check Point Software found cyberattacks increased by 20 per cent in 2022 compared to the previous year.
CTVNews.ca Top Stories
'The best that we can be': Indigenous judge and TRC chair Murray Sinclair dies at 73
Murray Sinclair, who was born when Indigenous people did not yet have the right to vote, grew up to become one of the most decorated and influential people to work in Indigenous justice and advocacy.
India's Modi, Canada's Trudeau condemn violence at Hindu temple near Toronto
The prime ministers of India and Canada condemned violence that broke out on Sunday at a Hindu temple near Toronto at a time of escalating diplomatic tensions between the two countries.
She was diagnosed with Type 2 diabetes about a year ago. Here's how her condition was reversed
A year ago, Lorraine O'Quinn was coping with stress, chronic illness and Type 2 diabetes. Then she discovered a health program that she says changed her life.
Frustration over Mideast war in America's largest Arab-majority city may push some away from Democrats
As an ongoing part of Omar on the Road: America Decides 2024, CTV National News visited the University of Michigan-Dearborn campus to talk to Arab-American students about why they’re feeling left out of the Democrats’ tent.
3 people arrested after incident during protest at Hindu temple in Brampton, Ont.: Peel police
Peel Regional Police say three people are in custody as they continue to investigate an incident during a demonstration at a Hindu temple in Brampton on Sunday.
Judge rules against Alberta casino, dinner theatre operator
An application to stay a receivership order of Mayfield Investments Ltd., a company that owns multiple businesses in Alberta including the Camrose Resort and Casino, Medicine Hat Lodge and Calgary's Stage West Dinner Theatre, has been denied by the court.
'Giving women agency over their health': How innovative solutions are filling the gaps in Canadian menopause care
In a 2022 survey conducted by Leger Canada for the Menopause Foundation of Canada, about 46 per cent of women said they don't feel prepared for menopause, even though they know it's coming. At a time when tech-savvy millennials are starting their menopausal journeys, some tech entrepreneurs are stepping up with potential solutions to long-standing health-care deficiencies.
Ikea will pay 6 million euros to East German prisoners forced to build their furniture in landmark move
Furniture giant Ikea has agreed to pay 6 million euros (US$6.5 million) towards a government fund compensating victims of forced labour under Germany's communist dictatorship, in a move campaigners hope will pressure other companies to follow.
Police arrest Netanyahu aide as opponents accuse him of leaking intelligence to thwart Gaza ceasefire and hostage deal
Israeli police have arrested a top aide to Prime Minister Benjamin Netanyahu over allegedly leaking classified information to foreign media.