Skip to main content
Canada’s most-awarded newsroom for a reason
Enjoy unlimited digital access
$1.99
per week
for 24 weeks
Canada’s most-awarded newsroom for a reason
$1.99
per week
for 24 weeks
// //

A Loblaws store in Toronto.

Aaron Vincent Elkaim/The Canadian Press

Loblaw is warning PC Plus rewards collectors to beef up their passwords after points were stolen from some members' accounts.

"We are treating this as a breach as individual member accounts were accessed and points were stolen," said Kevin Groh, the company's vice-president of corporate affairs and communication, in a statement.

The breach stems from people using favourite or weak username and password combinations across multiple sites, he said.

Story continues below advertisement

These combinations were stolen from other sites and used to access PC Plus accounts, according to Groh.

In an email to PC Plus members sent late last month, Loblaw (TSX:L) pointed to sites like Yahoo and LinkedIn, which were both hacked in recent years.

Last year, LinkedIn said a 2012 security breach compromised more than 100 million user passwords. It was previously believed only 6.5 million passwords were implicated.

Also last year, Yahoo said the personal information of more than one billion of its users was stolen during a 2013 breach.

Loblaw said the company is unable to disclose how many accounts lost points as the company is continuing to work with any members whose points were taken to reinstate them.

The company emailed all PC Plus members late last month, urging them to update their passwords. It asked members to create unique passwords that are a combination of letters, numbers and characters, and to change them frequently.

Loblaw also notified law enforcement, Groh said.

Story continues below advertisement

Groh said Loblaw's IT security team is monitoring unusual activity and is investigating any possibility of underlying IT vulnerabilities.

With files from the Associated Press

Report an error
Tickers mentioned in this story
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies