Loblaw Data Breach – Hackers Accessed IT Network and Customer Information

Canada’s largest food and pharmacy retailer has announced an ongoing investigation into a recent corporate data breach.

On March 10, 2026, the company notified its customers that unauthorized threat actors successfully infiltrated a segment of its IT network.

The security incident was discovered after Loblaw detected suspicious activity within its infrastructure. According to the company, the hackers compromised a contained, non-critical area of the network.

Despite the breach’s segmentation, the threat actors still managed to access customer records stored in that environment.

Loblaw Data Breach

Following the initial discovery, Loblaw’s internal investigation confirmed that a criminal third party successfully exfiltrated basic customer contact information.

While the targeted systems did not handle primary operational workloads, they did store personal identifiers.

The compromised customer data includes:

• First and last names.
• Phone numbers.
• Registered email addresses.

To alleviate immediate security concerns, Loblaw explicitly outlined the limitations of the intrusion.

The threat actors failed to move laterally into highly sensitive databases containing financial or medical records.

According to the company’s forensic investigation, the following information remains secure and uncompromised:

• User passwords and login credentials.
• Personal health and pharmacy information.
• Credit card data and payment details.
• PC Financial systems and linked accounts.

Upon detecting the unauthorized network access, Loblaw immediately triggered its internal security response protocols.

The company has secured the affected network segment and implemented containment measures to protect remaining customer data from further exposure.

As a direct defensive action, Loblaw is forcefully expiring active user sessions across its platforms. All customers will be automatically logged out of their digital accounts.

To regain access to Loblaw’s digital services, users must authenticate and log back in.

While passwords were not compromised during this incident, the exposure of names, email addresses, and phone numbers poses a secondary risk.

Security experts advise affected customers to remain vigilant against potential phishing campaigns and smishing (SMS phishing) attempts.

Threat actors frequently leverage this type of basic contact information to launch targeted social engineering attacks aimed at stealing broader credentials.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Loblaw Data Breach – Hackers Accessed IT Network and Customer Information appeared first on Cyber Security News.