Listen to this article
Estimated 3 minutes
The audio version of this article is generated by AI-based technology. Mispronunciations can occur. We are working with our partners to continually review and improve the results.
Canada Computers & Electronics says a data breach has leaked information about some of its customers, though several say they are unhappy with the scant details the retailer has provided — including how many of them were affected, and when the breach occurred.
The company became aware of the breach — which included personal information of its website customers “including credit card information” — on Friday, it told CBC News in a statement.
Canada Computers & Electronics said the affected customers were informed on Monday, given recommendations about steps to take, and that the breach was reported to authorities.
But neither the statement, nor the notices seen by CBC News that went out to customers, says when the breach happened, how long it lasted or how many customers were affected.
The company has only said it is “a few” customers.
“We will provide an update by end of week as our investigation progresses and additional information becomes available,” it said, in its statement.
Customer ‘appalled’
Alex Brochu of Drummondville, Que., was among those to receive a notification — though he’d already been reading about the problem online, where it had been under discussion on Reddit.
Brochu says, as an IT professional, he was “appalled” by the breach and the questions, in his opinion, it raises about how it was done.
He’d made a purchase from the company’s website over the holidays. He cancelled the credit card in question and has fortunately not seen any fraudulent transactions.
The company is based outside of Toronto and has locations in British Columbia, Ontario, Quebec and Nova Scotia. It sells pre- and custom-made computers and other hardware and accessories.
Brad Seward made a purchase on the Canada Computers & Electronics website at the end of December.
He says he found the information the company has shared about the breach to be lacking.
“It’s important that there is accountability here,” said Seward, who lives in Toronto.
The company told its customers it did “not have any evidence” that the stolen information had been used fraudulently.
But Jenna Francis-Koch of Kelowna, B.C., has her doubts.
She says she purchased some computer hardware from the website in late December, and was alerted by her bank in mid-January that someone tried to make a purchase with that credit card in Florida.
When she saw discussion on Reddit about the data breach — she says she didn’t get a notice from the company — Francis-Koch began to suspect the two events were connected.
After reaching out to the company, it said in a message that “this issue has been fully resolved” and that “any customers who may have been impacted have already been notified.”
She says she wants the company to be more “transparent” about what happened and to post a banner on its website advising customers.
Canada’s federal privacy watchdog confirms the company filed a report and that it is working to ensure that Canada Computers & Electronics takes “the necessary steps to address the breach.”
The same law that requires a report to the Office of the Privacy Commissioner of Canada also requries companies to inform customers and other stake-holders of data breaches.
York Regional Police also confirmed it is investigating.
