Hacker claims responsibility for Giant Tiger hack, leaks millions of records online

Besides this information, the database also includes “website activity” of Giant Tiger customers, the leaker claimed.

Giving it away

Giant Tiger has more than 260 stores across Canada, and in 2021, reported annual sales of approximately $2 billion, and 10,000 employees. 

In a statement given to BleepingComputer, Giant Tiger essentially confirmed the leak, shifting the blame to an unnamed third party:

"On March 4, 2024, Giant Tiger became aware of security concern related to a third-party vendor we use to manage customer communications and engagement," the statement reads. “We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation."

"No payment information or passwords were involved."

While this type of data is usually sold on the dark web, in this case, it was basically given out for free. Whoever wanted to obtain it only needed to spend 8 forum “credits”, a virtual forum currency that is obtained by posting new threads, commenting, and generally participating in forum activities. 

The database has since been added to the HaveIBeenPwned? website, where it was said that almost half (46%) of the records were already present. That means that some of the Giant Tiger customers were already compromised in the past, elsewhere.

More from TechRadar Pro

• One of the biggest data leaks ever has just been revealed - here's what to do if you've been hit
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now