Skip to main content
small business advisor

Jody Steinhauer’s business, Bargains Group Ltd., was hacked last year and it still hasn’t fully recovered.JENNIFER ROBERTS/The Globe and Mail

Jody Steinhauer is the founder and chief bargains officer for Toronto-based Bargains Group Ltd.

I'm a Canada-based pioneer in discount wholesaling. My company supplies retailers and not-for-profit charities with discount clothing and the supplies they need to run their operations. My passion in particular is helping homeless organizations.

I'm in the happiness business. I sell bargains, and everyone loves a bargain, so I make people happy. People are on Google all day looking for "cheap socks" or "discount gloves" or whatever they need. Hopefully we show up and they go to our website and say, "Wow, look at this place, they've got everything."

Then they typically build an inquiry, pick a few items and say, "Please give me more information." We get a certain number of those every day.

All of a sudden, starting last October, that went to zero overnight. It was in the fourth quarter, which is our busiest time, so I thought that was kind of weird.

I happened to be in a meeting downtown with other business owners, so I reached out to my neighbour and said, "Something's weird." And then, ironically, I got a Google Alert on Bargains Group. (The alert is an automated e-mail that informs you when your business is mentioned online.) When I clicked on it, it went to this other company, some financial company in Europe.

My colleague looked at it and said, "You've been hacked."

Sure enough, other Google Alerts started popping up and everyone said, "You've got to deal with this right away – someone is prostituting the organic traffic you've got."

We investigated immediately and asked three companies to help us. Basically, someone hijacked our site and put code on each of our Web pages, like 3,000 pages, and diverted all of our traffic to their site.

Within days, Google's algorithm detected this fraudulent activity and blacklisted our website so that it no longer showed up in searches. They basically took us down and we didn't even know. People were calling us and asking if we were still in business. My site is like a catalogue, so when somebody needs something they just go to Bargains Group and get whatever they want. But they couldn't find us, we were wiped off the map.

If somebody didn't have the smarts to look up our phone number and call us, they would have just assumed we were out of business. We get probably 25 new clients a day from Internet searches, so the impact on our business was estimated at easily a million dollars in revenue.

I had contacts inside Google, and they investigated. They told me, "You've been really badly hijacked and you have to clean this up immediately, then show Google that you're okay." The hackers were very, very smart at what they did. They went into spaces where nobody even thought to look. We had to clean it up and we went back up in March.

But it's sad – we were victims and we had to prove ourselves to Google again. Talk about frustrating. We rely on the Web so much for business. We don't have salespeople – all our business comes from inbound traffic.

We've actually developed a brand new website because there are still things on our existing site that we can't clean. But we're not flipping it on until January; I'm not going to risk being wiped off the map for another fourth quarter.

From a credibility perspective, wow, what an effect this had. "What happened to Jodi? She went bankrupt, right?" That's just what we all say. It happens every day. I don't know if you ever recover.

We're still not where we used to be, because there are broken links and some weird things with our site. Three times in the past two months our website has been knocked off again and we had to go back to Google and ask why they keep taking it down. We're at their mercy.

But the new site is going up in a few months, so it doesn't make sense to spend bad money after good.

We were told that our site was secure when it was built, and that's what was really frightening. You think you're okay until something happens. We check every day to see if Google has taken us down.

What advice do I have? Obviously, ask your providers whether you're secure or could be hacked. I don't know what else you can do these days. I personally don't think anything is secure. Who would ever think Equifax would get hacked? Hackers are so sophisticated now. I hate to say it, but I think a lot of it is just luck.

We're very fortunate. We're back. We're trying to get as many people as we can on our Facebook page and things like that, so if anything ever happens we can communicate. But it's pretty difficult because a lot of our clients are not allowed to use Facebook at work. It's very difficult to have a Plan B, I've found.

Interact with The Globe