Canadian Online Retailer Suffers Data Breach, Waits Entire Month Before Telling Customers

Canadian online retailer has suffered a data breach and may have lost the credit card information of some customers.

In an email to customers, the company admitted it had been hacked—in December or January. Several thousand customers’ information—including addresses and full credit card information—may have been compromised, and waited well over a month before notifying customers of this. There is a reason for that delay though, according to CEO Rebecca McKillican, who was interviewed by Candice So.

SEE ALSO: Raises $5 Million and Names New CEO


An attacker managed to get access to’s website through a vulnerability, gaining access to customers’ credit card data as they typed it in for the first time to make a purchase. The vulnerability was closed Jan. 7 when the service provider did a routine change of security measures on’s account. The service provider then informed about two weeks ago, and got further confirmation about the breach from its credit card provider less than a week ago.

“Because it was a small subset of customers [affected], our first priority was to contact those customers, and we’ve been using all of our resources this morning and early afternoon to reach out to those customers,” McKillican told So yesterday.