Loblaw Investigates Data Breach Impacting Customer Information
On March 10, 2026, Loblaw Companies Limited, Canada’s largest food and pharmacy retailer, disclosed a data breach affecting some of its customers. The company detected suspicious activity on a non-critical segment of its IT network, leading to an investigation that confirmed unauthorized access by a third-party criminal.
The exposed data includes basic customer details such as names, phone numbers, and email addresses. Loblaw’s investigation indicates that passwords, health information, and credit card data were not compromised, and PC Financial services remained unaffected.
As part of its response, Loblaw secured its network and logged out all customers from their accounts, requiring them to re-authenticate to access digital services. The company continues its forensic investigation to assess the full scope and impact of the incident.
Loblaw, which employs over 220,000 people across Canada, has not provided further details on the number of affected customers or the method of the breach. The incident remains under review as the company evaluates potential risks and next steps.
Loblaw Companies Limited cybersecurity rating report: https://www.rankiteo.com/company/loblaw-companies-limited
"id": "LOB1773182157",
"linkid": "loblaw-companies-limited",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Food and Pharmacy',
'location': 'Canada',
'name': 'Loblaw Companies Limited',
'size': '220,000 employees',
'type': 'Retailer'}],
'customer_advisories': 'Customers logged out and required to re-authenticate',
'data_breach': {'personally_identifiable_information': 'Names, phone numbers, '
'email addresses',
'sensitivity_of_data': 'Low (no passwords, health info, or '
'credit card data)',
'type_of_data_compromised': 'Basic customer details'},
'date_detected': '2026-03-10',
'date_publicly_disclosed': '2026-03-10',
'description': 'Loblaw Companies Limited disclosed a data breach affecting '
'some of its customers after detecting suspicious activity on '
'a non-critical segment of its IT network. The investigation '
'confirmed unauthorized access by a third-party criminal, '
'exposing basic customer details such as names, phone numbers, '
'and email addresses. Passwords, health information, and '
'credit card data were not compromised, and PC Financial '
'services remained unaffected.',
'impact': {'data_compromised': 'Names, phone numbers, email addresses',
'operational_impact': 'Customers logged out and required to '
're-authenticate',
'payment_information_risk': 'None (credit card data not '
'compromised)',
'systems_affected': 'Non-critical segment of IT network'},
'investigation_status': 'Ongoing',
'references': [{'date_accessed': '2026-03-10',
'source': 'Loblaw Companies Limited'}],
'response': {'containment_measures': 'Secured network, logged out all '
'customers',
'remediation_measures': 'Requiring re-authentication for digital '
'services'},
'threat_actor': 'Third-party criminal',
'title': 'Loblaw Data Breach Impacting Customer Information',
'type': 'Data Breach'}