Quebec-based luxury spa says customer data compromised in security breach

A Quebec-based luxury spa owner says a data breach may have affected customers who recently bought gift certificates on its platform.

Groupe Nordik, which operates three spa locations in Quebec, Winnipeg and Whitby, Ont., says they became aware of suspicious activity on their gift certificate system in late February and that credit card information may have been compromised.

In a letter sent to affected customers, the company says the breach included “access to your personal information by a non-authorized third party, from November 4, 2022, to February 27, 2023.”

The company says after learning of the breach they immediately shut down the system and hired a third-party cyber security firm to investigate.

“We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our client’s data,” the company said in a statement to CityNews. “We have asked our customers to stay vigilant and report any suspicious activity to local authorities.”

A number of affected customers took to social media, claiming hundreds of dollars had been charged to their credit cards for Uber and food delivery services.

Last October, the spa was forced to close its Whitby location for almost a month after more than two dozen customers became ill after staph bacteria was found in a saltwater pool shortly after its grand opening. A lawsuit on behalf of 72 plaintiffs has been filed seeking $5 million from the Quebec-based spa group.

Top Stories

Top Stories

Most Watched Today