Skip to main content

Running Room Canada website hit with data breach; some passwords, credit card info accessed

A wall of running shoes at The Running Room in downtown Toronto, Feb. 1, 2010. THE CANADIAN PRESS/Darren Calabrese A wall of running shoes at The Running Room in downtown Toronto, Feb. 1, 2010. THE CANADIAN PRESS/Darren Calabrese
Share

An outside group may have accessed the online personal information of some Running Room customers in Canada over the last several months, the walking and running retailer says.

In an email to customers on Friday obtained by CTVNews.ca, the company says it "recently identified and addressed" a security incident involving "a subset of user data."

The retailer says an "unauthorized group" managed to access and "skim" customers' emails, names, addresses, phone numbers and credit card information — including the number, expiry date and CVV security code — between Nov. 19, 2022, and Jan. 18, 2023.

The email from Running Room says the skimming may have captured the information of those who purchased something on the company's Canadian website within that period.

Those who received an email were identified as having made a purchase during that time.

"In response to this discovery, we immediately launched an investigation and have removed their ability to obtain this information," the email reads.

Running Room says it is co-operating with law enforcement, privacy commissions and the Canadian Centre for Cyber Security.

The company posted the same details about the data breach on its website, last updated on Jan. 23.

It is unclear exactly how many customers are affected by the data breach.

Asked about this, Running Room chief financial officer Roger Dang told CTVNews.ca in a statement that the vulnerability "only impacted a small subset" of their online shop customers, all of whom have been notified.

Running Room, he added, became aware of the issue on Jan. 18 and "located and removed the vulnerability immediately upon becoming aware of the unauthorized access."

"We are currently working with Police agencies and are cooperating with the investigation and cannot provide further comment at this time," the statement from Dang says.

The company says it believes the intent behind the "skimming" of customer data is to resell credit card information.

"There is the possibility that the information may be used for social engineering, phishing and misrepresentation of the individual," Running Room says.

Users are advised to review their credit card statements and reset the passwords to their Running Room accounts, as well as any other online service that uses the same password. The company also says it has also put in place "enhanced security measures."

CTVNews.ca Top Stories

Local Spotlight

Record-setting pop tab collection for Ontario boy

It started small with a little pop tab collection to simply raise some money for charity and help someone — but it didn’t take long for word to get out that 10-year-old Jace Weber from Mildmay, Ont. was quickly building up a large supply of aluminum pop tabs.

Stay Connected