Customers of Winnipeg's Thermea spa alarmed after notification of …

The parent company of a popular luxury spa in Winnipeg is in hot water after a data breach opened the door for hackers to access a variety of private information from customers. This week, customers who purchased gift certificates from Thermea spa between early November and late February were told in an email that their credit card information may have been compromised, alongside their full names, phone numbers and email and street addresses. Groupe Nordik, the parent company of the spa, said that they learned of the breach in late February, shut down the gift certificate system and hired a third-party firm to investigate.

“We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our clients’ data,” the email said. Gift certificates that have not been redeemed are still valid, Groupe Nordik said. The appropriate authorities have been notified of the breach and affected customers were encouraged to keep an eye out for any suspicious activity.

Unencrypted credit card info

“What the email didn’t include, though, was any guidance around the risk of identity theft that they have now incurred for me,” John Robins told Radio-Canada in a Wednesday interview.

Robins purchased a Thermea gift certificate with his credit card at a Polo Park kiosk around Christmastime, he said. He has submitted a complaint about the breach to the Office of the Privacy Commissioner. He’s not aware of any fraudulent charges on his credit card, but he’s going through his records again.

Robins was surprised to learn that Thermea saved his credit card information for any amount of time. “I certainly did not think that I was putting myself in that level of risk when I made a simple point-of-sale transaction with Therma.” Gautam Srivastava, a Brandon University professor of computer science who specializes in cybersecurity, said it’s fairly normal for companies to keep the amount of customer information that Thermea did for situations involving marketing and repeat customers.

He said these kinds of data breaches are happening more often, since businesses are prioritizing ease of use.  While paying by the tap of a credit card or phone is speedy and efficient, those practices are not always compatible with good security, Srivastava said. “If you’re looking to encrypt and then decrypt information, there’s time lags there, and so a lot of systems that are built for ease of use find those sorts of things compromised.”

He said Thermea isn’t entirely to blame for the data breach, as malicious attackers often test a number of companies within a specific vicinity in search of system weaknesses. Thermea is a well-loved establishment in Winnipeg, he said, so they won’t necessarily lose all of their business because of the data breach. There are steps Groupe Nordik can take to win back customers, such as keeping their security measures updated and ensuring customers that their information is safe, he said.

Consumers can protect themselves by changing the pins of their bank and credit cards periodically and using strong passwords for their emails, as well as multi-factor authentication or biometric verifications such as fingerprint technology. But at the end of the day, it’s a matter of trust, Srivastava said. “Their brand is going to take a hit for a little bit, but they can take steps in the future starting now to kind of win back some of that trust,” he said.

“When trust is broken in anything, it takes time to win back that trust, and sometimes you never do.” In a statement to Radio-Canada, Groupe Nordik said they hired a third-party cybersecurity firm to investigate the breach and will continue to work with them in the future. “We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our clients’ data,” the statement said.

Robins said the breach came at an unfortunate time for him and his family, as they lost their house to a fire in January 2022. He said Thermea is a bit of a local institution for Winnipeg and surrounding areas. “I’ve been there many times — really enjoy their service. It’s a real treat to be able to go to a spa.”

But Robins said Thermea will have to win his business back.

“I think giving an email notification that a breach happened is a good first step and I’m grateful for that credit where credit is due,” he said.

“But frankly given the — in my estimation — very weak data practices that this company has been engaged in, I really don’t want to go back to Thermea and jeopardize my data again with that firm.”

Tags:

bower-collective listed on couponmatrix.ukccl-computers listed on couponmatrix.ukclickgolf listed on couponmatrix.ukmedino listed on couponmatrix.uktapas-revolution listed on couponmatrix.ukwe-buy-any-car listed on couponmatrix.uk
bower-collective listed on couponmatrix.ukMeet Bower Collective, the brand kickstarting the planet-first and plastic-free revolution. From deodorant and toothpaste to washing up liquid and cleaning spray, everything you need is cheap, convenient and contains zero plastic. If you pick up a Bower Collective dispenser, you can simply keep them stocked with cheap refills and greatly reduce your household waste. With new customer offers, subscription discounts and our Bower Collective discount codes, switching to an eco-lifestyle is more affordable than ever!
ccl-computers listed on couponmatrix.ukAs the home for desktop PCs, gaming computers and laptops, CCL Computers is the best in business when it comes to quality and affordability. Whether you're in need of a high-performance gaming rig or a reliable work laptop, we can help you get the most out of your money with a CCL discount code. At CCL Computers, you’ll find substantial savings on popular tech brands like Acer, Lenovo and Horizon, including laptops as well as components and graphics cards to build your own PC.
clickgolf listed on couponmatrix.ukClickGolf have made themselves the nation's favourite online golf gear retailer with a highly alluring combination of top brands, free delivery, premium customer service and some excellent on-house financing options to get you out onto the fairway improving your handicap with as little fuss as possible. Our Click Golf discount code will help you upgrade to equipment that'll work wonders on your stroke - or you can opt to spend the savings you make at the nineteenth hole: The choice is yours.
medino listed on couponmatrix.ukWhen you feel under the weather, a trip to the pharmacy can feel like an impossible feat – that’s where Medino steps in. It’s the pharmacy from your phone, where you can order prescriptions, cold and flu remedies, hay fever tablets and skincare products from the comfort of your home (or bed!). Save yourself the trouble with a Medino discount code and choose one of the fast, free delivery options. With a healthy student discount and amazing offers, you’ll be back to your old self in no time.
tapas-revolution listed on couponmatrix.ukIndulge in Spain’s top cuisine at Tapas Revolution, where spicy paella, tacos and calamares fritos top the menu. Tapas is meant to be shared with a group, so get the gang together and order a spread with shangri and cocktails all ’round! The Tapas Revolution discounts we have at Groupon can keep your celebration costs down, so check here for a percentage discount on your food bill or a free drink to quench your thirst. A Tapas Revolution awaits from Bath to Newcastle, so you won’t need to travel far to get an authentic Madrid experience.
we-buy-any-car listed on couponmatrix.ukDon’t let your tired, old C1 or Ford Fiesta sit in a garage – sell it through We Buy Any Car for a cash payment in less than an hour! Enter your registration on the website to get a free valuation and then book an appointment at a branch that is usually just 13 minutes away. Sell your car with convenience and use a We Buy Any Car voucher code to land the best deal with a four-day price guarantee. We Buy Any Car will purchase vehicles in any condition and with any mileage, so sell over the website to get your car taken off your hands without the haggle.