Ikea Canada Had A “Internal” Data Breach…. WTF??

Over the last month, my wife and I have been doing shopping at Ikea Canada. But I may be rethinking that as it has come to light this past week that Ikea Canada had what they term an “Internal” data breach that affected 95,000 Canadians. Global News has the details:

Ikea Canada told Global News it was made aware that some of its customers’ personal information appeared in the results of a generic search made by an employee between March 1 to March 3.

A spokesperson added that the information was accessed by the person using Ikea’s customer database.

“While we can’t speculate as to why the search was made, we can share that we have taken actions to remedy this situation,” Ikea Canada PR leader Kristin Newbigging said.

“We have also reviewed our internal processes and reminded our co-workers of their obligation to protect customer information.”

Okay. The fact that you have to remind your employees not to do something like this is a huge problem. And the fact that an employee did this is a massive problem. It likely shows that their internal controls weren’t on point.

Here’s the best news out of this:

kea Canada has submitted a breach report to the Office of the Privacy Commissioner of Canada (OPC).

OPC officials confirmed they are in communication with the company to get more information and determine next steps. They would not say what those steps could be.

Hopefully the OPC smacks Ikea Canada silly as this is pretty unacceptable from my perspective. In the meantime, affected customers have already been notified by email.

Leave a Reply

%d bloggers like this: