Running Room Canada targeted by ‘unauthorized group,’ customer data stolen
Sporting goods retailer Running Room has warned its customers in Canada that an outside group potentially accessed their sensitive data through a cyber incident.
On Friday, the retailer sent out emails to its customers, saying it “recently identified and addressed” an incident which involved “a subset of user data.” Running Room added that the “unauthorized group” was able to access and “skim” customers’ emails, names, addresses, phone numbers and credit card information during the period between November 19, 2022, and January 18, 2023.
Specifically, Running Room warned that the outside group may have captured the information of those who purchased from the company’s online store within that period. CTV News, which managed to obtain a copy of the email, reported that those who received an email from Running Room were customers identified as having made a purchase during the said timeframe.
“In response to this discovery, we immediately launched an investigation and have removed their ability to obtain this information,” Running Room said in its email, adding that it is working with law enforcement, privacy commissions, and the Canadian Centre for Cyber Security.
While it is unclear how many customers were affected by the breach, CTV News reached out to Running Room for further details, and a representative said that the incident “only impacted a small subset” of online shop customers. The company also believes that the perpetrators skimmed customer data with the intent to resell credit card information.
“There is the possibility that the information may be used for social engineering, phishing and misrepresentation of the individual,” Running Room explained.
Last week, Canada-based diecast manufacturer Exco Technologies reported that it had suffered a cyberattack that disabled three of its production facilities. The company gave a two-week timeline for when its operations would resume.