PC Optimum Clearly Has A Serious Security Issue…. And There May Be Not Much That You Can Do About It

Yesterday I reported that people were having millions of PC Optimum points stolen from their accounts. As I noted, this has happened before, and it is the latest issue with the rewards program run by Loblaws, which has been plagued by problems since the company merged multiple rewards programs into one. What has become abundantly clear is that Loblaws not only botched the rollout of this program earlier this year, but because members of the program have been hacked twice and their points stolen, it’s also clear that Loblaws lacks sufficient levels of security when it comes to whatever back-end systems make their rewards program work. The latter is of great concern because if Loblaws cannot protect you from being pwned by hackers, you have to take matters into your own hands to protect the points that you earn.

Here’s the problem. There may be not much that you can do to protect yourself. I say that because Loblaws has been far from transparent about this issue. It isn’t clear if they know how these hacks are happening, or if they can stop it from happening in the future, seeing as it has happened at least twice that we know of. Which means it is possible that there are more instances of this that they’re not talking about. And any comments that the company has made leave you with the impression that they really don’t want to admit that they have a serious problem. That’s not good, and Loblaws really needs to do better on that front for reasons that I will get to in a bit.

In the meantime, the only thing that you could do that might protect you is to use a unique password for your PC Optimum account (and as an aside, this advice also applies to ANY online account) that is a combination of letters and numbers, and ideally has at least one upper case character and one special character (e.g. # $ % &). Also, it should not be tied to you in any way. By that I mean it shouldn’t be a license plate number, or the name of your dog or kids. In the absence of any root cause analysis from Loblaws, that’s really the best that you can do.

Loblaws needs to do a better job of being up front about these issues and how they are going to get them remedied, because people make a conscious decision to shop at Loblaws, or Shoppers Drug Mart, or any other store that allows them to collect PC Optimum points so that they can get rewarded with free stuff weeks or months later. And to these people, my wife and I included, these points are like money. And we’re trusting Loblaws to manage those points and your personal information, similar to your bank protecting your bank account and personal information from fraud, or just managing them, period. So far, Loblaws has done a craptastic job of showing that they can do any of that with any level of competence. That needs to change and change quickly. Otherwise you will see people like my wife and me adjust where and how we shop accordingly. Which will include shopping with retailers that aren’t associated with Loblaws.


3 Responses to “PC Optimum Clearly Has A Serious Security Issue…. And There May Be Not Much That You Can Do About It”

  1. […] Now Loblaws claims that the “glitch” has been fixed, and they said that only a “very small number” had been negatively affected. But I don’t buy that. At this point seeing how often that Loblaws has been pwned by hackers, I seriously doubt that anything short of a third party review of their systems to confirm that any and all issues are fixed is going to reassure members that their points are safe. Because as I said here: […]

  2. […] Loblaws says that they have fixed the password issue that they found the last time their rewards system got pwned by hackers. But that clearly doesn’t seem to be the case as this keeps happening, or they have deeper security issues that they aren’t telling anyone about. Keep in mind that this system has been pwned multiple times both in its PC Optimum incarnation and its PC Points incarnation. Which means that the system is nearly not secure, which is something I said a few weeks ago. […]

  3. […] IT security nightmare for Loblaws that is called the PC Optimum program that has been pwned by hackers repeatedly and has resulted in reward points being stolen from members has taken a bit of a twist. […]
