Canex warns military personnel to check credit cards after 'malicious attack'
Military store says its website was victim of attack between Nov. 14-21
A Canadian retailer that caters to military personnel and their families is warning its members to monitor their personal information closely after a "malicious attack" may have exposed credit card numbers and other personal information.
In a statement posted online, Canex says its website was the subject of an attack between Nov. 14 and Nov. 21. Canex learned of the attack on Nov. 22, immediately shut down its website, and then called in an IT security firm.
Canex was able to establish that 373 customers had their credit cards compromised. Those people are either military personnel or families of military members.
Canex contacted the 373 customers by email on the evening of Nov. 22 to make them aware of the breach, and followed up with phone calls the next morning. It is offering to pay for a year's worth of credit monitoring for all of the customers whose information was breached.
As a precaution, Canex suggests customers change their passwords for its website and any other online accounts.
Unclear how attack was discovered
"We are very disappointed that this happened and are committed to doing everything we can to make certain it doesn't happen again," the statement reads. "We've taken further steps to improve our procedures and will continue to build even more robust security systems."
The statement does not say how officials became aware of the attack.
Canex was established in 1968 as a way for military personnel on bases to purchase personal items such as groceries and clothing. It lists 35 locations at military bases across the country. In addition to the bricks-and-mortar stores, it operates Canex.ca.
Larry Mohr, a senior vice-president for the military agency that runs Canex, said in the statement the website is now back online after what Mohr called "a complete assessment and remediation."
Incomplete transactions still a risk
Mohr's statement suggested that even people who did not complete a transaction on the website might have had their information compromised.
"If you were on the Canex.ca site and opened a checkout window, entered a credit card number but abandoned the transaction before paying, please inform us immediately so we can issue you a new CFOne card," the statement read.
"We as well recommend you to also change your passwords and advise your credit card provider of a possibility that your credit card has been compromised."
A CFOne card shows military personnel membership and enables them to access certain services such as those offered on Canex.ca.