One of Canada’s favourite furniture stores has fallen victim to an attack impacting over 95,000 Canadians. Today Ikea Canada has revealed their customer portal has experienced a Data Breach that occurred back in March.
Ironically, this is Ikea’s second attack in the last six months; the company in question fell victim to a Phishing attack back in December of 2021, which resulted in the attacker gaining access to clientele, employee and vendor data.
The company has reassured Global News that “they acted fast to prevent the data from being used, stored or shared with any third parties.” However, regardless of the rampant response, customers question Ikeas’s ability to store their private information; yes, there is reassurance knowing their financials are secure, but they still have confidential information.
Keep in mind that the compromised information was customer names, addresses, phone numbers, and postal codes; this information is valuable to hackers familiar with impersonation attacks, such as spear-phishing and sim fraud. Additionally, this information is utilized as multifactor authentication for banks, companies and phone providers.
There is speculation that the breach in question occurred due to an internal error; the attacker could access the information through Ikea’s customer Database. In three days, the attacker gained access to over 95,000 customer details.
We are still unaware of the actual cause of the attack; the OPC and Office of the Privacy Commissioner of Canada are working alongside them to get more details and establish the next steps.