Toys “R” Us says a database containing customers’ personal information was accessed in what it calls a “cybersecurity incident.”
The toy store chain sent an advisory to shoppers whose data was accessed, saying it began an investigation in the summer. The company wrote it hired a third-party investigator after claims emerged online that someone had stolen information from its customer database.
This investigation revealed that some records had been copied, the store said. The letter to customers said the information accessed may have included customers’ names, addresses, email addresses and phone numbers. It did not contain passwords or credit card information, Toys “R” Us said.
Customers were told that it’s possible not all of their information was accessed, and that the store is currently not aware of anything to suggest information gleaned in the incident has been used for fraud. Still, shoppers are advised to “be vigilant” and contact the store’s customer service department (customerservice@toysrus.ca) if they receive any unexpected emails or text messages that appear to be from Toys “R” Us asking for personal information. Customers can also send any questions about the advisory to that email address.
Additionally, they’re advised not to click links or download attachments from suspicious emails – such as those that contain obvious typos, formatting issues, or unsolicited offers of gifts or money.
The store says it “already (has) strong protections in place across our IT systems,” but that the incident prompted the store to enhance those security measures to prevent future incidents.
With files from CTV News Montreal’s Rachel Lau
