Canada Computers & Electronics disclosed a data breach affecting some customers, but many are dissatisfied with the lack of specifics provided, such as the number of affected individuals and the breach’s timeline. Initially, the company revealed awareness of the breach on Jan. 23, containing personal information, including credit card details, of website customers. Affected customers were notified on Monday, given guidance on necessary actions, and the breach was reported to authorities.
However, both the initial statement and customer notices did not mention the breach’s occurrence date, duration, or the exact number of impacted customers. The company vaguely stated that “a few” customers were affected and pledged an update by week’s end.
Subsequently, a statement on the company’s website clarified that individuals who checked out as “guests” between Dec. 29 and Jan. 22 and inputted personal information were affected. The company learned of the breach on Jan. 22, not Jan. 23 as initially stated, with customer notifications sent on Jan. 25, contrary to the prior statement’s Jan. 26 mention. The breach, currently under investigation, did not affect in-store purchases or customers using their Canada Computers member account for online transactions.
The company engaged an independent forensic data security firm to assess the breach’s origin, impacted information scope, and to enhance security measures. Affected clients are offered complimentary two-year credit monitoring and identity protection services.
Customers expressed dismay over the breach, including Alex Brochu from Drummondville, Que., and Brad Seward from Toronto, who found the company’s breach details lacking. While the company claimed no evidence of fraudulent use of stolen information, doubts linger among customers like Jenna Francis-Koch from Kelowna, B.C., who suspect a connection after facing unauthorized credit card activity post-purchase.
Canada’s federal privacy watchdog and York Regional Police are involved in addressing the breach, with the company obliged to inform stakeholders under privacy laws. Customers urge for more transparency from the company and enhanced communication about the incident on its website.