Sobeys admits to data breach in fall 2022, alerts customers
It was a cyber-security incident that made headlines across the country late last year. Although the company involved waited until now to confirm it.
The Maritime-based Empire Co. – parent company of Sobeys – acknowledges customers and employees past and present are receiving letters saying their personal information may have been compromised.
Bill Zebedee received his letter in the mailbox late last week from Medical Health Care Services Inc. (MHCSI) -- the company that provides group benefit plans and works with pharmacies, including Sobeys and Lawtons.
Zebedee said when he first read the letter he was confused.
“I was very surprised because I never heard of the company. I contacted them to confirm it was real,” he said.
The letters informed recipients that an unnamed third party gained access to Sobeys servers on Nov. 1, 2022.
Experts say more letters may be sent out.
“This is one particular sub-company within the overall Empire Co. group of companies who may be affected, so we may see different kinds of these letters arriving,” said cyber security expert David Shipley.
The company was heavily criticized for its lengthy silence on the issue for weeks. Business professor Ed McHugh said the letters come as no surprise.
“This breach was large when it happened because they couldn’t accept gift cards at Sobeys for a while and Lawtons [also] had some issues, so we knew the breach was significant and Sobeys had been very quiet about this matter," adds McHugh.
In an email to CTV News, Sobeys said, “With the help of external experts, we have investigated how an unauthorized third party gained access to some of our servers and systems. The process to identify what data has been impacted has been extremely complex, and we’ve now reached a point where we can notify those who were potentially impacted.”
The retail giant also said, “We have seen no evidence that personal data was accessed or removed from our servers; however, out of an abundance of caution, we have sent notifications to those who could have been potentially impacted and in compliance with our regulatory obligations. IT security is and has always been a priority for us. Trust and transparency matter deeply and we regret that this event occurred.”
While the letter shares how the information could potentially be used by hackers, Shipley said clearer communication should have been provided much sooner.
“They should have had a media release in an actual press conference and say we’ve started the process of notifying people, so that way we could have had some understanding of who was going to get what notification so people could actually trust them,” he said.
Sobeys has not been alone in dealing with cyber security issues. In recent years, hackers have targeted various businesses and organizations. McHugh said in this case, it is best to be cautious.
“Be very vigilant in phone calls and emails and if something sounds too good to be true, it probably is,” he said.
As for now, it’s unclear how many letters have been sent out, however, we have learned employees are being offered a one-year subscription to a credit monitoring service.
Letters also urge recipients to keep an eye out for possible phishing attempts and avoiding clicking links or downloading attachments from suspicious emails.
CTVNews.ca Top Stories
![](https://www.ctvnews.ca/polopoly_fs/1.6976926.1721883767!/httpImage/image.png_gen/derivatives/landscape_800/image.png)
LIVE UPDATES Multiple homes, businesses 'lost' to wildfire in Jasper National Park: Parks Canada
Officials from Parks Canada and Jasper say "multiple structures, including a number of businesses and homes, in and around the town of Jasper, have been lost" to wildfire in Jasper National Park.
Alberta premier says a third, perhaps half, of all Jasper buildings destroyed by fire
Alberta Premier Danielle Smith says early reports indicate a third and perhaps up to half of all buildings in the historic Rocky Mountain resort town of Jasper have burned in a wildfire.
Prince William's 2023 salary revealed in new report
Newly released financial reports show that William, the Prince of Wales, drew a salary of $42.1 million last fiscal year, his first since inheriting the vast and lucrative Duchy of Cornwall.
Tourist suffers 3rd-degree burns to feet after losing flip flops amid soaring temperatures in Death Valley
A tourist was hospitalized after suffering serious burns on his feet on Saturday when he lost his flip flops at a U.S. national park where temperatures soared past 48 Celsius.
'There's mom and dad's house': New video appears to show destruction of Jasper neighbourhood
Video posted to social media on Thursday morning appears to show the charred remains of a Jasper, Alta., neighbourhood.
Former judge with disputed Cree heritage likely has Indigenous DNA: law society
The Law Society of British Columbia says a DNA test shows a former judge and Order of Canada recipient accused of falsely claiming to be Cree "most likely" has Indigenous heritage.
Australian field hockey player opts to amputate part of his finger in order to compete in Paris Olympics
In the run up to the Paris Olympics, athletes have been stepping up their preparations in order to maintain their edge over competitors. But for Australia’s Matt Dawson, those preparations looked a little different this year, with the field hockey player opting to have part of his finger amputated in order to compete in the Games.
Canada to bring home fewest Olympic medals since 2012, according to forecaster
Fewer Canadians are expected to reach the Paris podium than in the previous two Olympic Summer Games, a global data analytics company predicts.
Jennifer Aniston criticizes JD Vance for 'childless cat ladies' remarks: 'I pray that your daughter is fortunate enough to bear children'
Jennifer Aniston is criticizing JD Vance for comments he made in his past about women without children.