Companies take different approaches in response to recent cyberattacks
Letters sent to some Sobeys customers and employees about a cyberattack nearly four months ago highlight the different approaches being taken by companies on how and when to share information about recent data breaches.
In a written statement, Sobeys says there’s no evidence of any personal information being taken from the Nov. 1, 2022 breach, and that letters to some customers and employees were being sent “out of an abundance of caution.” The company re-sent the same written statement when asked how many letters had been delivered and if more could be sent.
Empire Company Ltd. has been reluctant to answer pointed questions about the breach and its breadth, which prevented prescriptions from being filled at Sobeys and Lawtons locations for four days. Initially, the company would only call the incident an “IT systems issue” in public statements.
A version of one of the Feb. 13 letters obtained by CTV was received by an employee who last worked for an Empire Company Ltd. business more than a decade ago. The letter urged the recipient to be vigilant for potential phishing attempts and unsolicited communications.
David Shipley, the CEO of Beauceron Security Inc. based in Fredericton, says the letters are a positive development following a long-delay of information from Sobeys.
“I can’t really understand the communications approach on this one,” says Shipley. “The communications approach from the get-go on this one has probably been one of the weaker elements of the response.”
“There’s a lot of really good lessons for others to learn from this in terms of the importance of a very good communications plan, along with all of the other technical recovery plans.”
In late January, Running Room confirmed it's website was hit with a data breach and that some passwords and credit card information had been accessed between Nov. 19, 2022 and Jan. 18.
Indigo Books and Gifts said it was forced to remove its website on Feb. 8 after a cybersecurity incident. The company has since launched a temporary website where customers can browse products with no online abilities to buy. Indigo says credit and debit card information wasn’t compromised during its cyberattack.
A "frequently asked questions" page is included on the Indigo and Running Room websites regarding the separate breaches. There is no such information to be found on the Sobeys website.
Shipley says it’s important for customers and employees to hold companies accountable for data breaches, but not to outright blame them.
“They’re not the bad guys,” says Shipley. “The bad guys or gals who did this are the criminals or others who perpetrated the crime. What’s important for us all to remember is that when we blame victims for these kinds of crimes we create a culture of shame, and then people don’t want to be transparent.”
“The biggest loss of that is that we don’t get the information we need to understand what the real risks were. Nor do other companies get the valuable insights on things they could learn.”
A January 2023 report from IT security company Check Point Software found cyberattacks increased by 20 per cent in 2022 compared to the previous year.
CTVNews.ca Top Stories
Richard Perry, record producer behind 'You're So Vain' and other hits, dies at 82
Richard Perry, a hitmaking record producer with a flair for both standards and contemporary sounds whose many successes included Carly Simon’s 'You’re So Vain,' Rod Stewart’s 'The Great American Songbook' series and a Ringo Starr album featuring all four Beatles, died Tuesday. He was 82.
Hong Kong police issue arrest warrants and bounties for six activists including two Canadians
Hong Kong police on Tuesday announced a fresh round of arrest warrants for six activists based overseas, with bounties set at $1 million Hong Kong dollars for information leading to their arrests.
Read Trudeau's Christmas message
Prime Minister Justin Trudeau issued his Christmas message on Tuesday. Here is his message in full.
Stunning photos show lava erupting from Hawaii's Kilauea volcano
One of the world's most active volcanoes spewed lava into the air for a second straight day on Tuesday.
Indigenous family faced discrimination in North Bay, Ont., when they were kicked off transit bus
Ontario's Human Rights Tribunal has awarded members of an Indigenous family in North Bay $15,000 each after it ruled they were victims of discrimination.
What is flagpoling? A new ban on the practice is starting to take effect
Immigration measures announced as part of Canada's border response to president-elect Donald Trump's 25 per cent tariff threat are starting to be implemented, beginning with a ban on what's known as 'flagpoling.'
Dismiss Trump taunts, expert says after 'churlish' social media posts about Canada
U.S. president-elect Donald Trump and those in his corner continue to send out strong messages about Canada.
Heavy travel day starts with brief grounding of all American Airlines flights
American Airlines briefly grounded flights nationwide Tuesday because of a technical problem just as the Christmas travel season kicked into overdrive and winter weather threatened more potential problems for those planning to fly or drive.
King Charles III is set to focus on healthcare workers in his traditional Christmas message
King Charles III is expected to use his annual Christmas message to highlight health workers, at the end of a year in which both he and the Princess of Wales were diagnosed with cancer.