A company which owns some of the largest retail businesses in Canada has reported that it sustained a cyberattack which may have exposed sensitive employee information.
The Coleman Group of Companies said that it believes the attack exposed some of its human resources and payroll files. Those files contain names, addresses, social insurance numbers, and banking information of employees both current and former.
In a statement to CBC News, Coleman vice president of marketing Greg Gill said that the company’s IT team first discovered the attack while it was happening the weekend of February 20. The team managed to quickly stop the attack after it was detected.
Out of caution, Coleman issued a notice to all current and former employees informing them of the cyberattack.
“There’s evidence to suggest that there was activity or access to certain files on a server, it’s not always easy to determine exactly what may have been access or copied,” explained Gill.
“We, as a company, thought it was best to contact all of our employees, current and former, to do what we thought was the right thing to protect them.”
Coleman then hired a cybersecurity consultant to aid in the investigation of the attack. The company also arranged credit monitoring services for all employees past and present through Equifax Canada for the next 12 months – at no extra cost to staff. The credit monitoring services also come with identity theft insurance.
Gill told CBC News that while the IT team initially shut down internal internet and email services to stop the cyberattacks, the move did not impact business, as Coleman continued to operate its clothing, furniture, and grocery outlets.