2 min read

Data Breach: Canada"s Fitness Depot Blames ISP for Security Incident

Alina BÎZGĂ

June 09, 2020

Data Breach: Canada"s Fitness Depot Blames ISP for Security Incident

As Covid-19 spread across the world, opportunities to exercise outdoors became limited for most people. Workout routines quickly shifted online, and with gyms now closed, online sales of fitness equipment skyrocketed 55% between January and March 2020.

The newest addition to the data breach “wall of shame” is none other than Fitness Depot, Canada”s largest fitness equipment retailer. Recently, the company started informing its customer database about a security incident that led to the exposure of customers” names, home addresses, email addresses, telephone numbers, and numbers of credit cards used in transactions.

“Cyber criminals may have accessed and or removed personal information relating to certain individuals who made purchases for delivery and or who made purchases for in-store pick up at one of our retail locations,” Fitness Depot said in a data breach notification letter sent to affected shoppers.

The data breach, dated back to February 18, began with the injections of a malicious form on the company website, a clear sign of a Magecart-style attack. Web Skimming attacks are designed to steal payment and personal information.

“Cyber criminals were able to place a form on our Fitness Depot website that was misleading,” the company said. “Once our customers were redirected to this form the customer information was copied without the authorization or knowledge of Fitness Depot. This is how the personal information was captured and stolen.”

It took the company just over 3 months to discover the incident, as their notification clearly points out.

“On May 22nd, 2020 Fitness Depot was informed of a potential data breach on transactions involving our Ecommerce operations. Fitness Depot immediately shut down this service and launched an investigation,” the letter reads.

The vendor is now pointing fingers at its Internet Service Provider (ISP), who apparently “neglected to activate the anti-virus software” on their account. While their statement leaves plenty of room for debate, additional questions regarding the number of impacted customers and potential assistance for affected customers remain — no credit monitoring services were provided for shoppers. The company warns of potential fraud and identity theft incidents, and advises customers to review account statements regularly.

“As of this writing of this notification, Fitness Depot has no knowledge that any of our customer information was compromised in any manner,” the company said. “If you feel that your personal customer information was in fact compromised in any way, please let us know immediately.”

The retailer also mentioned that their security measures have now removed the cyber thieves” access to their online systems, but said they will continue to monitor for any signs of unauthorized activity on their e-commerce platform.

As the world switched to even more online shopping, cybercriminals were not on holiday. They quickly exploited the uptick in e-commerce, deploying targeted attacks on multiple platforms to steal personal and financial information of customers. No stone was left unturned, and cybercrime continues to flourish in the underbelly created by the coronavirus pandemic.

Check now if your personal info has been stolen or made public on the internet, with Bitdefender”s Digital Identity Protection tool.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Gamers Should Still Take Precautions Despite No Evidence Of User Compromise in Electronic Arts Data Breach Gamers Should Still Take Precautions Despite No Evidence Of User Compromise in Electronic Arts Data Breach
Alina BÎZGĂ

September 16, 2021

3 min read
Have you fallen victim to a data breach? Follow these six steps to protect against possible side effects Have you fallen victim to a data breach? Follow these six steps to protect against possible side effects
Alina BÎZGĂ

September 14, 2021

3 min read
7 Ways to Effectively Secure Your Digital Identity 7 Ways to Effectively Secure Your Digital Identity
Alina BÎZGĂ

September 13, 2021

4 min read