Groceries are not cheap these days. So my wife and I shop at Loblaw where we can earn points on specific groceries that we buy, which we can then redeem to buy groceries. There have been times where we have redeemed enough points to not have to pay a cent for weeks’ worth of groceries. That seems like a good deal. Until I woke up this morning and found that the systems that run PC Plus rewards have been hacked. Here are the details:
Loblaw is warning PC Plus rewards collectors to beef up their passwords after points were stolen from some members’ accounts.
“We are treating this as a breach as individual member accounts were accessed and points were stolen,” said Kevin Groh, the company’s vice-president of corporate affairs and communication, in a statement.
The breach stems from people using favourite or weak username and password combinations across multiple sites, he said.
These combinations were stolen from other sites and used to access PC Plus accounts, according to Groh.
Okay. I will admit that people reusing passwords is a #fail waiting to happen. But this statement does have a bit of a “blame the victim” slant to it as their intrusion detection systems should have been able to detect unusual activity. Assuming that one was in play of course. The way this story reads, it seems like Loblaw found out about this when PC Plus members lost points and told the company. That’s a scenario that should never happen. In the meantime, if you’re a member of PC Points you should change your password to something unique and strong and check your points balance to see if you too have been pwned. I’m advising my wife to do that right now.
UPDATE: I would also strongly recommend that you check to see if there are additional cards on your PC Points account. Reports are now starting to surface that people who have lost points have found additional cards on their accounts. Clearly this is how the points are being stolen.
UPDATE #2: This apparently has been an ongoing issue for Loblaw. Many thanks to “Lisa” who directed me towards this thread on Red Flag Deals that indicates that this hack started late last year. Clearly Loblaw has some explaining to do as they really should have been up front with the public long before now.
PC Optimum Terms And Conditions Changes Are A #Fail
Posted in Commentary with tags Loblaw on September 9, 2024 by itnerd
If you are a member of the PC Optimum points program which is run by Loblaw, you likely recently got an email that looks in part like this:
The way this email reads, Loblaw is altering things so that account takeovers, and the resultant financial costs of said takeovers, are lessened. In their favour. While most of this email seems fine “ish”, here’s the part of the email that bothers me:
So if you live in Quebec, you have to be informed that your PC Optimum account has been pwned. But they don’t have to inform you if you live anywhere else in Canada?
Am I the only one who looks at this and says that this is suspect at best?
The problem with this is that you might not notice that you have been pwned until it’s way too late. Unless you’re in Quebec where I am guessing that there is a legal requirement for the company to let you know that you’ve been pwned. That to me is problematic as Loblaw should do the right thing and let anyone who has been pwned know that they’ve been pwned and not just the people where they are legally forced to do so.
I pointed this out to my wife as we’ve been shopping substantially less at Loblaw and associated stores such as Shoppers Drug Mart over the last few months due to their high prices when compared to their competition. But we still had around 250,000 points in our PC Optimum account which is the equivalent of $250 CDN. That changed this weekend where we redeemed most of those points for groceries, personal health items, and the like. Taking our points total down to just over 19,000 and we’ll eventually figure out how to spend that. But I can say that we’re stocked up in a number of areas from food to health and beauty for not a whole lot of cash outlay to do so. Why have we done this? This news really rubs us the wrong way, and combined with their high prices, we’re done with Loblaw and the PC Optimum program.
If this course of action sounds familiar, we did something similar with Petro Canada when they got pwned last year. And I have maybe been to a Petro Canada station twice since then. My wife and I are big believers that companies who do stupid things should not get your hard-earned money. But it’s not just the cash that we’re depriving Loblaw of. We’re also depriving them of the data on our shopping habits that I know is equally as valuable. Because when you sign up for one of these programs, the company behind it is gathering data on you so that they can do anything from mine it to better sell things to you, or to sell this data to third parties. And I am pretty sure that if enough people say that enough is enough and pull out of this program, Loblaw would likely rethink their actions because it’s the data on your shopping habits that they really want.
This is slated to go into effect on Halloween. Let’s see if Loblaw gives consumers a treat by changing course on this, or they are going to go ahead and roll out this trick that really isn’t a good one.