Companies take different approaches in response to recent cyberattacks
Letters sent to some Sobeys customers and employees about a cyberattack nearly four months ago highlight the different approaches being taken by companies on how and when to share information about recent data breaches.
In a written statement, Sobeys says there’s no evidence of any personal information being taken from the Nov. 1, 2022 breach, and that letters to some customers and employees were being sent “out of an abundance of caution.” The company re-sent the same written statement when asked how many letters had been delivered and if more could be sent.
Empire Company Ltd. has been reluctant to answer pointed questions about the breach and its breadth, which prevented prescriptions from being filled at Sobeys and Lawtons locations for four days. Initially, the company would only call the incident an “IT systems issue” in public statements.
A version of one of the Feb. 13 letters obtained by CTV was received by an employee who last worked for an Empire Company Ltd. business more than a decade ago. The letter urged the recipient to be vigilant for potential phishing attempts and unsolicited communications.
David Shipley, the CEO of Beauceron Security Inc. based in Fredericton, says the letters are a positive development following a long-delay of information from Sobeys.
“I can’t really understand the communications approach on this one,” says Shipley. “The communications approach from the get-go on this one has probably been one of the weaker elements of the response.”
“There’s a lot of really good lessons for others to learn from this in terms of the importance of a very good communications plan, along with all of the other technical recovery plans.”
In late January, Running Room confirmed it's website was hit with a data breach and that some passwords and credit card information had been accessed between Nov. 19, 2022 and Jan. 18.
Indigo Books and Gifts said it was forced to remove its website on Feb. 8 after a cybersecurity incident. The company has since launched a temporary website where customers can browse products with no online abilities to buy. Indigo says credit and debit card information wasn’t compromised during its cyberattack.
A "frequently asked questions" page is included on the Indigo and Running Room websites regarding the separate breaches. There is no such information to be found on the Sobeys website.
Shipley says it’s important for customers and employees to hold companies accountable for data breaches, but not to outright blame them.
“They’re not the bad guys,” says Shipley. “The bad guys or gals who did this are the criminals or others who perpetrated the crime. What’s important for us all to remember is that when we blame victims for these kinds of crimes we create a culture of shame, and then people don’t want to be transparent.”
“The biggest loss of that is that we don’t get the information we need to understand what the real risks were. Nor do other companies get the valuable insights on things they could learn.”
A January 2023 report from IT security company Check Point Software found cyberattacks increased by 20 per cent in 2022 compared to the previous year.
CTVNews.ca Top Stories
Walking pneumonia is surging in Canada. Is this unusual?
CTVNews.ca spoke with various medical experts to find out the latest situation with the typically mild walking pneumonia in their area and whether parents should be worried.
Joly, Blair condemn anti-NATO protest in Montreal that saw fires, smashed windows
Federal cabinet ministers condemned an anti-NATO protest in Montreal that turned violent on Friday, saying 'hatred and antisemitism' were on display, but protesters deny the claim, saying they demonstrated against the 'complicity' of NATO member countries in a war that has killed thousands of Palestinians.
Retiring? Here's how to switch from saving for your golden years to spending
The last paycheque from a decades-long career arrives next Friday and the nest egg you built during those working years will now turn into a main source of income. It can be a jarring switch from saving for retirement to spending in retirement.
'Her shoe got sucked into the escalator': Toronto family warns of potential risk of wearing Crocs
A Toronto family is speaking out after their 10-year-old daughter's Crocs got stuck in an escalator, ripping the entire toe area of the clog off.
Ottawa driver fined for hauling thousands of empty cans in trunk of car
Ontario Provincial Police stopped an Ottawa man for dangerously hauling thousands of empty cans from the back of his car.
Canada's top general takes on U.S. senator in defending womens' role in combat units
Canada's top general firmly rejected the notion of dropping women from combat roles -- a position promoted by president-elect Donald Trump's nominee for defence secretary -- at a security forum underway in Halifax on Saturday.
Canadians are craving to take a 'adult gap year.' Here's why
Canadian employees are developing an appetite for an 'adult gap year': a meaningful break later in life to refocus, refresh and indulge in something outside their daily routine, according to experts.
Transit supervisor assaulted with 'torch' made of hairspray can and lighter: police
A Winnipeg man has been charged after a transit supervisor was assaulted with a makeshift torch in the city’s downtown area Friday morning.
Prime Minister Trudeau attends Taylor Swift's Eras Tour in Toronto with family
Prime Minister Justin Trudeau is a Swiftie. His office confirmed to CTV News Toronto that he and members of his family are attending the penultimate show of Taylor Swift's 'The Eras Tour' in Toronto on Friday evening.