Loblaw urging PC Plus members to practice password security after hack

Loblaw Companies says it is urging members of its PC Plus loyalty program to be vigilant with their passwords following a recent report indicating hackers had scammed members out of thousands of points.

According to a CityNews report, a small number of PC Plus members had points stolen after their accounts were hacked. Users collect points on their purchases, which can be redeemed for savings on their grocery bill or free groceries.

The TV news report focused on one PC Plus member who had nearly 100,000 points (the equivalent of $100) taken from his account.

In an email statement provided to Canadian Grocer on Tuesday, Kevin Groh, vice-president of corporate affairs and communication for Loblaw Companies, said the company had heard from a “small number” of PC Plus members about the problem and subsequently worked to reinstate their points and reset their username and password.

Groh said Loblaw has also proactively sent notices to its PC Points members encouraging them to practice what he called “good personal password security” by ensuring their passwords are unique, complex, private and regularly changed.

The PC Plus website also features a notice reminding users to ensure they have unique passwords for their various accounts.

“There have been a number of high-profile privacy breaches recently, most notably Yahoo and LinkedIn, where large numbers of usernames and passwords were accessed,” said Groh. “If someone uses a favourite username and password for multiple sites, and one of those sites is exposed, their other accounts can be exposed too.”