Skip to main content

Running Room Canada website hit with data breach; some passwords, credit card info accessed

A wall of running shoes at The Running Room in downtown Toronto, Feb. 1, 2010. THE CANADIAN PRESS/Darren Calabrese A wall of running shoes at The Running Room in downtown Toronto, Feb. 1, 2010. THE CANADIAN PRESS/Darren Calabrese
Share

An outside group may have accessed the online personal information of some Running Room customers in Canada over the last several months, the walking and running retailer says.

In an email to customers on Friday obtained by CTVNews.ca, the company says it "recently identified and addressed" a security incident involving "a subset of user data."

The retailer says an "unauthorized group" managed to access and "skim" customers' emails, names, addresses, phone numbers and credit card information — including the number, expiry date and CVV security code — between Nov. 19, 2022, and Jan. 18, 2023.

The email from Running Room says the skimming may have captured the information of those who purchased something on the company's Canadian website within that period.

Those who received an email were identified as having made a purchase during that time.

"In response to this discovery, we immediately launched an investigation and have removed their ability to obtain this information," the email reads.

Running Room says it is co-operating with law enforcement, privacy commissions and the Canadian Centre for Cyber Security.

The company posted the same details about the data breach on its website, last updated on Jan. 23.

It is unclear exactly how many customers are affected by the data breach.

Asked about this, Running Room chief financial officer Roger Dang told CTVNews.ca in a statement that the vulnerability "only impacted a small subset" of their online shop customers, all of whom have been notified.

Running Room, he added, became aware of the issue on Jan. 18 and "located and removed the vulnerability immediately upon becoming aware of the unauthorized access."

"We are currently working with Police agencies and are cooperating with the investigation and cannot provide further comment at this time," the statement from Dang says.

The company says it believes the intent behind the "skimming" of customer data is to resell credit card information.

"There is the possibility that the information may be used for social engineering, phishing and misrepresentation of the individual," Running Room says.

Users are advised to review their credit card statements and reset the passwords to their Running Room accounts, as well as any other online service that uses the same password. The company also says it has also put in place "enhanced security measures."

CTVNews.ca Top Stories

Hertz CEO out following electric car 'horror show'

The company, which announced in January it was selling 20,000 of the electric vehicles in its fleet, or about a third of the EVs it owned, is now replacing the CEO who helped build up that fleet, giving it the company’s fifth boss in just four years.

Stay Connected