Thieves target PC Optimum points for a second time
For a second time, PC Optimum members have been targeted by thieves stealing points. The scheme saw a new partnership between Loblaws and Shoppers Drug Mart at the beginning of the year, but it wasn’t the smooth transition either party has hoped for, with some members suddenly losing thousands of points. And now a second round of theft has left some members out of pocket once more. According to the PC Optimum team this is all the fault of a system glitch which is allowing thieves to stay in a member’s online account even after a password reset.
One unlucky Kitchener customer was even targeted twice, resulting in a loss of 250,000 points in total. Despite strengthening his password after the initial attack, William Grobe told CBC: "It feels like someone's in [my account] in spite of any security."
Grobe discovered his first loss on March 23 when 240,000 of his points-equal to $240-were suddenly spent at two Loblaws Pharmaprix drugstores in Montreal. Even after PC Optimum owner Loblaws claimed to have resolved his account issue, the thief struck again just two days later, spending 10,000 more points. "You feel a bit violated," said Grobe. "If I get my points back, how do I know they're not going to be stolen again?"
According to CBC News, more than 40 PC Optimum members had points stolen, ranging from $120 to $1,160 in value. The supermarket giant has came forward and admitted that this second round of hacking was down to an undetected system fault which allowed thieves to stay in their victim’s accounts, even after a password change.
Just had 60,000 points stolen from my @pc_optimum account and my account info changed. Looks like @LoblawsON & @ShopprsDrugMart still haven’t fixed things! @CBCNews
— Brett Polegato (@BrettPolegato) April 13, 2018
My @pc_optimum was hacked. Would really like my 80,000 points back.....
— Dorothy Costa (@Dorothydawn76) April 9, 2018
Although many customers voiced their anger on Twitter, Loblaws said that only “a very small number” of its nine million members were targeted, and that it had since resolved password weakness issues. The company has also advised customers to be aware of their password strength.