Skip to main content

Running Room Canada website hit with data breach; some passwords, credit card info accessed

A wall of running shoes at The Running Room in downtown Toronto, Feb. 1, 2010. THE CANADIAN PRESS/Darren Calabrese A wall of running shoes at The Running Room in downtown Toronto, Feb. 1, 2010. THE CANADIAN PRESS/Darren Calabrese
Share

An outside group may have accessed the online personal information of some Running Room customers in Canada over the last several months, the walking and running retailer says.

In an email to customers on Friday obtained by CTVNews.ca, the company says it "recently identified and addressed" a security incident involving "a subset of user data."

The retailer says an "unauthorized group" managed to access and "skim" customers' emails, names, addresses, phone numbers and credit card information — including the number, expiry date and CVV security code — between Nov. 19, 2022, and Jan. 18, 2023.

The email from Running Room says the skimming may have captured the information of those who purchased something on the company's Canadian website within that period.

Those who received an email were identified as having made a purchase during that time.

"In response to this discovery, we immediately launched an investigation and have removed their ability to obtain this information," the email reads.

Running Room says it is co-operating with law enforcement, privacy commissions and the Canadian Centre for Cyber Security.

The company posted the same details about the data breach on its website, last updated on Jan. 23.

It is unclear exactly how many customers are affected by the data breach.

Asked about this, Running Room chief financial officer Roger Dang told CTVNews.ca in a statement that the vulnerability "only impacted a small subset" of their online shop customers, all of whom have been notified.

Running Room, he added, became aware of the issue on Jan. 18 and "located and removed the vulnerability immediately upon becoming aware of the unauthorized access."

"We are currently working with Police agencies and are cooperating with the investigation and cannot provide further comment at this time," the statement from Dang says.

The company says it believes the intent behind the "skimming" of customer data is to resell credit card information.

"There is the possibility that the information may be used for social engineering, phishing and misrepresentation of the individual," Running Room says.

Users are advised to review their credit card statements and reset the passwords to their Running Room accounts, as well as any other online service that uses the same password. The company also says it has also put in place "enhanced security measures."

CTVNews.ca Top Stories

Here are the signs you're ready to downsize your home

Amid the cost-of-living crisis, many Canadians are looking to find ways to save money, such as downsizing their home. But one Ottawa broker says there are several signs to consider before making the big decision.

Local Spotlight

Video shows B.C. grizzly basking in clawfoot tub

A donated clawfoot bathtub has become the preferred lounging spot for a pair of B.C. grizzly bears, who have been taking turns relaxing and reclining in it – with minimal sibling squabbling – for the past year.

Stay Connected