Here in Canada, the biggest retailer of computer gear not named Best Buy is Canada Computers. I’ve shopped there for years. But only in store. That’s likely a good thing because a report surfaced on Reddit on January 18th that an credit card skimmer had been set up on the Canada Computers online store around December 8 of last year. It was removed on January 22. Though it’s not clear if this was removed by the retailer or by the threat actor because it was discovered.
Now Canada Computers was apparently notified that this was a valid threat, but they didn’t make any acknowledgement of said threat. Then stories started to appear in places like MobileSyrup and iPhoneInCanada over the last couple of days that this had happened. And only yesterday did emails go out to Canada Computer Customers that this breach had happened. The cynic in me says that that attention in Canadian tech media forced their hand.
So what data did the bad guys get? How about:
- credit card number
- CVV
- expiration date
- first name
- last name
- billing address
- billing city
- billing province
- billing postal code
- phone number
- email address
- the Canada Computers account you’re logged into
This is more than enough information for a threat actor to do anything from commit fraud to identity theft. Given that, the smart thing for anyone who used Canada Computers website to order goods is to cancel their credit cards. And you should keep a close eye on your statements and transactions from your credit cards. I say this because there are reports that fraudulent purchases have been made using the information that this credit card skimmer obtained.
Now here’s the part where I hold Canada Computers feet to the fire. They need to urgently check to see if there was any lateral movement within Canada Computers environment. They also need to look at their website and address the weaknesses that allowed this threat actor to get in, along with any other weaknesses that they find. Then they need to explain in detail how the threat actors got in, what they are doing to make sure that this doesn’t happen again, and why any consumer should trust them. I say this because upon learning about this, I set up a Memory Express account as I am pretty skittish at stepping into Canada Computers. After all, I don’t know how far into their environment the threat actors got, or if they are still there. Thus it’s better to take my purchases for computer gear elsewhere. At least until Canada Computer says something that makes me want to reconsider that decision.
Canada Computers Website Pwned In Cyberattack That Swiped Credit Cards….. Oh Crap
Posted in Commentary with tags Canada Computer, Hacked on January 27, 2026 by itnerdHere in Canada, the biggest retailer of computer gear not named Best Buy is Canada Computers. I’ve shopped there for years. But only in store. That’s likely a good thing because a report surfaced on Reddit on January 18th that an credit card skimmer had been set up on the Canada Computers online store around December 8 of last year. It was removed on January 22. Though it’s not clear if this was removed by the retailer or by the threat actor because it was discovered.
Now Canada Computers was apparently notified that this was a valid threat, but they didn’t make any acknowledgement of said threat. Then stories started to appear in places like MobileSyrup and iPhoneInCanada over the last couple of days that this had happened. And only yesterday did emails go out to Canada Computer Customers that this breach had happened. The cynic in me says that that attention in Canadian tech media forced their hand.
So what data did the bad guys get? How about:
This is more than enough information for a threat actor to do anything from commit fraud to identity theft. Given that, the smart thing for anyone who used Canada Computers website to order goods is to cancel their credit cards. And you should keep a close eye on your statements and transactions from your credit cards. I say this because there are reports that fraudulent purchases have been made using the information that this credit card skimmer obtained.
Now here’s the part where I hold Canada Computers feet to the fire. They need to urgently check to see if there was any lateral movement within Canada Computers environment. They also need to look at their website and address the weaknesses that allowed this threat actor to get in, along with any other weaknesses that they find. Then they need to explain in detail how the threat actors got in, what they are doing to make sure that this doesn’t happen again, and why any consumer should trust them. I say this because upon learning about this, I set up a Memory Express account as I am pretty skittish at stepping into Canada Computers. After all, I don’t know how far into their environment the threat actors got, or if they are still there. Thus it’s better to take my purchases for computer gear elsewhere. At least until Canada Computer says something that makes me want to reconsider that decision.
Leave a comment »