Loblaw Data Breach Alert: Important Notice for Customers

The Largest Food and Pharmacy Retailer in Canada, Loblaw, Notifies Customers of Data Breach

Loblaw Companies Limited, commonly known as Loblaw, recently disclosed a security breach where hackers infiltrated a portion of its IT network and gained access to basic customer information.

As Canada’s largest food and pharmacy retailer, Loblaw operates a vast network of 2,500 stores, encompassing franchise supermarkets, pharmacies, banking kiosks, and apparel shops. The company is set to further expand its footprint with 70 new stores this year as part of a comprehensive five-year plan involving a $10 billion investment by 2030.

Employing over 220,000 individuals and boasting an annual revenue of $45 billion, Loblaw is renowned for its commercial banners and brands such as Loblaws, Real Canadian Superstore, No Frills, Maxi, President’s Choice, PC Optimum, and Joe Fresh.

Following the detection of suspicious activity on its network earlier in the week, Loblaw promptly alerted its customers about the breach, which led to the discovery of an intrusion.

“After identifying suspicious activity on a contained, non-critical part of its IT network, the Company has determined that a criminal third-party accessed some basic customer information such as names, phone numbers, and email addresses,” Loblaw stated.

The compromised data includes personally identifiable information (PII) that could potentially be exploited in phishing schemes and fraudulent endeavors. Customers are advised to stay vigilant for any dubious communications from unfamiliar sources.

Although there is no evidence, as per Loblaw’s investigation, to suggest that sensitive financial data like credit card details, health information, or account passwords were compromised, the company has taken precautionary measures. It has automatically logged out all customers from their accounts, necessitating a re-login for those seeking to access digital services. It is recommended that customers also update their passwords.

Notably, Loblaw’s probe indicates that its financial services brand, PC Financial, remains unaffected by the breach.

As of the latest update, there have been no public claims from any threat actor regarding the attack on Loblaw, nor has any of the company’s data been found advertised on underground forums.

Malware tactics are becoming more sophisticated. The Red Report 2026 sheds light on how new threats leverage mathematical techniques to evade detection and operate covertly.

Access our comprehensive analysis of 1.1 million malicious samples to uncover the top 10 evasion techniques and assess the efficacy of your security measures.

Download The Report