first nova scotia power, now canadian tire: dalhousie university cybersecurity expert says people need to prepare for attacks
2 minute read
canadian tire corporation announced the company was the target of a cybersecurity attack earlier in october.
a cybersecurity expert at dalhousie university says people need to assume they will be the target of a cyberattack and prepare accordingly.
the latest in a spate of cybersecurity attacks hit the canadian tire corp. this month. other canadian companies that have had recent cyberbreaches include nova scotia power, westjet and ganong bros.
canadian tire announced tuesday that it was targeted by cybersecurity criminals.
“more and more cyberthreats are happening in canada and the world, and definitely the private sector is getting hit by this,” said nur zincir-heywood, associate dean research with dalhousie university’s faculty of computer science.
“the vulnerability is high because the attack surface is high. there are a lot of e-business and e-commerce happening in our cyberworld and on the internet. the more hyper-connected we get, the bigger attack surface because it is easier for the attacker to find maybe a software system that is vulnerable when there are so many out there that we have to defend. all they have to do is find one vulnerability to get in.”
on oct. 2, canadian tire says, it identified a data breach involving customer information in an e-commerce database. the company said the unauthorized activity was limited to that database, which did not include canadian tire bank information or triangle rewards loyalty data.
advertisement
canadian tire said the database contained basic personal details like name, address, email and year of birth, and that affected customers have been notified. the database also contained encrypted passwords and, in some cases, incomplete credit card numbers. the password and credit card information cannot be used for account access, transactions or purchases, said the company.
zincir-heywood said it is important for people to monitor their accounts for suspicious activity following a cyberbreach. she said sensitive information such as names, email addresses and date of birth can be used to exploit a user.
“you need to monitor your accounts, bank statements and credit cards,” said zincir-heywood.
“this is information that can be used to impersonate a user, can maybe be used in combination with some other public information on social media sites,” said zincir-heywood.
“an attacker could use that to access further information about the user. when we try to access our online banking info or other online information, usually the bank or an organization tries to ask questions to verify our identity. more data breaches include potential answers to such questions.”
canadian tire said the vulnerability has been resolved and it is working with external experts to enhance related protections.
advertisement
zincir-heywood said breaches suffered by canada tire and other companies can often lead to further phishing campaigns against their customers. she said people need to prepare by protecting themselves by using stronger passwords and multifactor authentication applications. she suggested using a phrase or a sentence with numbers and symbols to strengthen a password.
“one of the best practices we can apply is not using the same password in different organizations,” said zincir-heywood.
“the multifactor application is adding another layer of defence, and if nothing else slows down the attacker if they are trying to access some of our information by making use of the data breach information about us.”
share story
