Ikea Canada has revealed an internal data breach impacting 95,000 Canadians, Global News has learned.
One of those impacted, Calgarian Arthur Gallant, said he received an email from the retailer last week, advising him his privacy had been breached.
“I was stunned, I was shocked, I was speechless,” he said. “This is the third privacy breach since 2020 that my family has had to deal with.”
Ikea confirmed the email and the privacy breach to Global News.
Officials also told us the furniture company acted quickly to prevent the data from being used, stored, or shared with any third parties. It also confirmed no financial or banking information was accessed.
Gallant said Ikea’s response was good, but not good enough.
“It’s cold comfort to be told my financial information was not accessed,” he said. “Because the information that was accessed is still pretty private.”
How the breach happened
Ikea Canada told Global News it was made aware that some of its customers’ personal information appeared in the results of a generic search made by an employee between March 1 to March 3.
A spokesperson added that the information was accessed by the person using Ikea’s customer database.
“While we can’t speculate as to why the search was made, we can share that we have taken actions to remedy this situation,” Ikea Canada PR leader Kristin Newbigging said.
“We have also reviewed our internal processes and reminded our co-workers of their obligation to protect customer information.”
Gallant said it’s scary that employees need to be reminded of that.
“When you think of how many people work for these companies, how many people have access to their systems, it certainly rattles me,” he said.
“How can one person access private, confidential info of 95,000 customers over a three-day period? This is absolutely unacceptable.”
Ikea Canada has submitted a breach report to the Office of the Privacy Commissioner of Canada (OPC).
OPC officials confirmed they are in communication with the company to get more information and determine next steps. They would not say what those steps could be.
However, OPC did tell Global News during the 2020-21 fiscal year the office received 782 breach reports, affecting at least nine million Canadian accounts.
The privacy commissioner’s office and Ikea Canada advised people to be vigilant about their personal and financial data including advice on how to deal with breaches and how to protect their personal information.
Gallant has already taken steps to secure his information by putting a fraud block on his credit report and he urged others to do the same, despite any assurance from any company.
“Even though the email from Ikea says there is no financial information involved, in today’s day and age I simply can’t trust that.”