Customers of Winnipeg's Thermea spa alarmed after notification of …

The parent company of a popular luxury spa in Winnipeg is in hot water after a data breach opened the door for hackers to access a variety of private information from customers. This week, customers who purchased gift certificates from Thermea spa between early November and late February were told in an email that their credit card information may have been compromised, alongside their full names, phone numbers and email and street addresses. Groupe Nordik, the parent company of the spa, said that they learned of the breach in late February, shut down the gift certificate system and hired a third-party firm to investigate.

“We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our clients’ data,” the email said. Gift certificates that have not been redeemed are still valid, Groupe Nordik said. The appropriate authorities have been notified of the breach and affected customers were encouraged to keep an eye out for any suspicious activity.

Unencrypted credit card info

“What the email didn’t include, though, was any guidance around the risk of identity theft that they have now incurred for me,” John Robins told Radio-Canada in a Wednesday interview.

Robins purchased a Thermea gift certificate with his credit card at a Polo Park kiosk around Christmastime, he said. He has submitted a complaint about the breach to the Office of the Privacy Commissioner. He’s not aware of any fraudulent charges on his credit card, but he’s going through his records again.

Robins was surprised to learn that Thermea saved his credit card information for any amount of time. “I certainly did not think that I was putting myself in that level of risk when I made a simple point-of-sale transaction with Therma.” Gautam Srivastava, a Brandon University professor of computer science who specializes in cybersecurity, said it’s fairly normal for companies to keep the amount of customer information that Thermea did for situations involving marketing and repeat customers.

He said these kinds of data breaches are happening more often, since businesses are prioritizing ease of use.  While paying by the tap of a credit card or phone is speedy and efficient, those practices are not always compatible with good security, Srivastava said. “If you’re looking to encrypt and then decrypt information, there’s time lags there, and so a lot of systems that are built for ease of use find those sorts of things compromised.”

He said Thermea isn’t entirely to blame for the data breach, as malicious attackers often test a number of companies within a specific vicinity in search of system weaknesses. Thermea is a well-loved establishment in Winnipeg, he said, so they won’t necessarily lose all of their business because of the data breach. There are steps Groupe Nordik can take to win back customers, such as keeping their security measures updated and ensuring customers that their information is safe, he said.

Consumers can protect themselves by changing the pins of their bank and credit cards periodically and using strong passwords for their emails, as well as multi-factor authentication or biometric verifications such as fingerprint technology. But at the end of the day, it’s a matter of trust, Srivastava said. “Their brand is going to take a hit for a little bit, but they can take steps in the future starting now to kind of win back some of that trust,” he said.

“When trust is broken in anything, it takes time to win back that trust, and sometimes you never do.” In a statement to Radio-Canada, Groupe Nordik said they hired a third-party cybersecurity firm to investigate the breach and will continue to work with them in the future. “We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our clients’ data,” the statement said.

Robins said the breach came at an unfortunate time for him and his family, as they lost their house to a fire in January 2022. He said Thermea is a bit of a local institution for Winnipeg and surrounding areas. “I’ve been there many times — really enjoy their service. It’s a real treat to be able to go to a spa.”

But Robins said Thermea will have to win his business back.

“I think giving an email notification that a breach happened is a good first step and I’m grateful for that credit where credit is due,” he said.

“But frankly given the — in my estimation — very weak data practices that this company has been engaged in, I really don’t want to go back to Thermea and jeopardize my data again with that firm.”

Tags:

buy-car-parts listed on couponmatrix.ukdeichmann-uk listed on couponmatrix.uknaked-wines listed on couponmatrix.uksecret-escapes listed on couponmatrix.ukstradivarius listed on couponmatrix.uktopdeck-travel listed on couponmatrix.uk
buy-car-parts listed on couponmatrix.ukLooking for a discount code before you buy car parts? Then you've come to the right place! At Buycarparts.co.uk, we always have a range of voucher codes available so that you can get the best deal on your purchase. Whether you're looking for a discount on tyres, brakes or any other car part, we're sure to have a Buycarparts promo code that will help you save money. So before you buy, be sure to check our website for the latest discount codes!
deichmann-uk listed on couponmatrix.ukDeichmann are renowned all over Europe for their commitment to selling shoes that look good and feel good on your feet, without making you break the bank. Their great value for money ethos is what has customers coming back again and again to get shoes for every occasion. You can cut the cost of all varieties of footwear with a Deichmann voucher code helping you save casual wear for everyday needs, formal shoes for work, trainers for working out and countless more.
naked-wines listed on couponmatrix.ukAlready a legendary institution among UK connoisseurs, Naked Wines has taken the industry by storm since thanks to a unique model that lets its customers play an active role in the business. Enjoy a discount with your Naked Wines voucher and you’ll be funding independent winemakers rather than mass-production multinationals, and you'll become part of a worldwide community of experts helping each other to enjoy the best home-grown vintages at retail prices. Fantastic wine should be for everyone, and you'll like get £75 off your first case too!
secret-escapes listed on couponmatrix.ukLuxury travel isn't a world away with Secret Escapes. The not-so-secret travel company snaps up empty hotel rooms in bulk, passing on savings to customers with discounts of up to 70% available - and that’s before our Secret Escapes vouchers lower the cost even more. Experience fabulous beach vacations, city breaks, gastronomic tours, cultural treasures and luxury spas in top destinations at ridiculously low prices - and forget having to go on an ‘ordinary’ holiday ever again
stradivarius listed on couponmatrix.ukWith roots in Spain, Stradivarius certainly has its own unique style and authenticity. Upholding a passion for fresh trends, there's an energy and vibrancy throughout the whole Stradivarius catalogue. Check our Stradivarius discount codes to save money on clothing, shoes and accessories and nurture your own unique sense of style. When fashion is your lifestyle, you need a brand that will keep up with your personality too so rest assured that with Stradivarius, you've met your match.
topdeck-travel listed on couponmatrix.ukTopdeck Travel designs epic trips for 18 – 30 somethings. Started by friends in 1973 who shared a passion for adventure, Topdeck Travel has a long history of delivering authentic and fun group travel. Today, Topdeck Travel continues to seek out and explore the hottest new travel destinations. Topdeck's trip programme spans Europe, Australia & New Zealand, Asia, North America, the Middle East & North Africa and Africa. Topdeckers from around the world enjoy a travel experience steeped in history, which retains the company's original sense of adventure combined with authenticity, friendship and great stories to share. The Topdeck Travel Affiliate Programme is a second level sales set up. Sales are initially tracked at £0.01p and once the booking has been paid in full by the customer, it will be approved and validated to the full commission. The balance on bookings is due 6 weeks before the departure date.