OTTAWA
Ottawa

    • Nordik Spa warns customers of data breach involving gift cards

    Share

    Nordik Spa in Chelsea, Que. is warning customers about a major data breach involving its gift card system.

    In an email to customers, Groupe Nordik says "an event" occurred with its gift certificate system that may have resulted in the access of personal information, including credit card information, by a non-authorized party.

    "In late February 2023, we became aware of suspicious activity on our gift certificate system," Nordik Spa said in the email Tuesday night.

    "We then shut down the system and initiated a full investigation with an expert third-party firm. It is possible that your personal information was accessible when purchasing a gift certificate on the platform during the period of November 4, 2022 - February 27th, 2023."

    Nordik spa says the affected information includes the customer's full name, phone number, street address, email address, and credit card information.

    Customers are asked to report any suspicious activity, such as emails or text messages, to police, and watch out for any suspicious banking activity.

    Nordik Spa says it has conducted a "thorough review" of all security measures in the Groupe Nordik systems, including its gift certificate system.

    "We will also work with third-party experts to continuously strengthen security measures and maximize the protection of our clients' data. We have reported the incident to the relevant authorities and corporations," Nordik Spa said in a statement.

    All gift certificates purchased during the Nov. 4, 2022, to Feb. 27, 2023, period are still valid.

    "We apologize for any inconvenience this may cause. Your personal information and trust are important to us," Nordik Spa said in a statement. "Please rest assured that we have done and are doing everything we can to rectify the situation."

    Gabe Mollot-Hill told CTV News Ottawa this week he purchased a Christmas gift card for his mother, and later noticed fraudulent transactions on the credit card.

    "In February, I happened to just be paying down my credit card and I happened to notice there was a couple hundred dollar Uber charge that I clearly didn't take," Mollot-Hill said, adding he was in the United States visiting his girlfriend at the time of the suspicious charge.

    "I saw it, reported it right away and called TD and had to cancel my card."

    Mollot-Hill says he was unsure how the fraudulent activity appeared on his card, until he received the email from Nordik Spa this week about the gift card payment system being compromised.

    "I figured that must have been it," Mollot-Hill said, adding he saw a Reddit thread of other customers sharing stories of fraudulent transactions.

    In a statement to CTV News Ottawa on Wednesday, Groupe Nordik said "transparency and trust" are the cornerstone of its business.

    "Our customers data privacy and security is of the utmost importance and we have reached out to all customers that may have been impacted. It is unfortunate that data breaches are so commonplace today," Groupe Nordik said.

    "We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our clients’ data. We will continue to work with law enforcement to defend and protect the interests of our customers. We have asked our customers to stay vigilant and report any suspicious activity to local authorities."

    CTVNews.ca Top Stories

    Shopping Trends

    The Shopping Trends team is independent of the journalists at CTV News. We may earn a commission when you use our links to shop. Read about us.

    Atlantic

    Toronto

    Montreal

    Northern Ontario

    Windsor

    London

    Kitchener

    Barrie

    Winnipeg

    Calgary

    Edmonton

    Regina

    Saskatoon

    Vancouver

    Vancouver Island

    Kelowna

    Stay Connected
    Follow CTV News