Canadian companies Loblaw grocery giant and telecom company Telus were the targets of cyber attacks that resulted in the loss of customer data.
Loblaw posted a press release dated March 10 on its website about the data breach.
The company characterized the cyber-attack as a “low-level data breach” with only “basic” information exposed, and said it’s notifying its customers.
“After identifying suspicious activity on a contained, non-critical part of its IT network, the company has determined that a criminal third-party accessed some basic customer information such as names, phone numbers and email addresses,” said the company in the news release.
It did not specify when the cyber-attack occurred.
Loblaw went on to say that its current investigation has indicated that customers’ passwords, health information and credit card data “were not compromised” nor was PC Financial.
Loblaw Companies Ltd. operates thousands of stores across Canada, including grocery stores such as the Real Canadian Superstore, No Frills, Extra Foods and Dominion, as well as Shoppers Drug Mart pharmacy.
Telus was also subjected to a cyber attack that resulted in customer data being accessed, but it’s unclear when it happened and how serious it was.
No mention of the cyber attack in Telus’ Newsroom site (back to July 2025) could not be found.
In an interview with the Canadian Press posted on March 13, Telus said it’s investigating a cyber attack on a “limited number” of its digital systems.
Telus spokesperson Richard Gilhooley said the company will notify any customers who may have been affected.
The story did specify how many customers were or might have been impacted in the data breach nor what type of data were accessed and stolen.
In addition to cyber forensic experts, the company said it’s working with law enforcement.
A group calling itself ShinyHunters contacted an American media outlet last week, claiming it was planning to release a large amount of data that it claimed to have stolen from Telus in August [2025?], and that the group had sent Telus a ransom note in February demanding a payment [unspecified] in Bitcoin.
The group also shared with Reuters news service samples of the alleged data including information about two dozen or so companies, personal data, call data, and FBI background check information. Reuters has not verified its authenticity.
