Customers of Winnipeg's Thermea spa alarmed after notification of …

The parent company of a popular luxury spa in Winnipeg is in hot water after a data breach opened the door for hackers to access a variety of private information from customers. This week, customers who purchased gift certificates from Thermea spa between early November and late February were told in an email that their credit card information may have been compromised, alongside their full names, phone numbers and email and street addresses. Groupe Nordik, the parent company of the spa, said that they learned of the breach in late February, shut down the gift certificate system and hired a third-party firm to investigate.

“We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our clients’ data,” the email said. Gift certificates that have not been redeemed are still valid, Groupe Nordik said. The appropriate authorities have been notified of the breach and affected customers were encouraged to keep an eye out for any suspicious activity.

Unencrypted credit card info

“What the email didn’t include, though, was any guidance around the risk of identity theft that they have now incurred for me,” John Robins told Radio-Canada in a Wednesday interview.

Robins purchased a Thermea gift certificate with his credit card at a Polo Park kiosk around Christmastime, he said. He has submitted a complaint about the breach to the Office of the Privacy Commissioner. He’s not aware of any fraudulent charges on his credit card, but he’s going through his records again.

Robins was surprised to learn that Thermea saved his credit card information for any amount of time. “I certainly did not think that I was putting myself in that level of risk when I made a simple point-of-sale transaction with Therma.” Gautam Srivastava, a Brandon University professor of computer science who specializes in cybersecurity, said it’s fairly normal for companies to keep the amount of customer information that Thermea did for situations involving marketing and repeat customers.

He said these kinds of data breaches are happening more often, since businesses are prioritizing ease of use.  While paying by the tap of a credit card or phone is speedy and efficient, those practices are not always compatible with good security, Srivastava said. “If you’re looking to encrypt and then decrypt information, there’s time lags there, and so a lot of systems that are built for ease of use find those sorts of things compromised.”

He said Thermea isn’t entirely to blame for the data breach, as malicious attackers often test a number of companies within a specific vicinity in search of system weaknesses. Thermea is a well-loved establishment in Winnipeg, he said, so they won’t necessarily lose all of their business because of the data breach. There are steps Groupe Nordik can take to win back customers, such as keeping their security measures updated and ensuring customers that their information is safe, he said.

Consumers can protect themselves by changing the pins of their bank and credit cards periodically and using strong passwords for their emails, as well as multi-factor authentication or biometric verifications such as fingerprint technology. But at the end of the day, it’s a matter of trust, Srivastava said. “Their brand is going to take a hit for a little bit, but they can take steps in the future starting now to kind of win back some of that trust,” he said.

“When trust is broken in anything, it takes time to win back that trust, and sometimes you never do.” In a statement to Radio-Canada, Groupe Nordik said they hired a third-party cybersecurity firm to investigate the breach and will continue to work with them in the future. “We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our clients’ data,” the statement said.

Robins said the breach came at an unfortunate time for him and his family, as they lost their house to a fire in January 2022. He said Thermea is a bit of a local institution for Winnipeg and surrounding areas. “I’ve been there many times — really enjoy their service. It’s a real treat to be able to go to a spa.”

But Robins said Thermea will have to win his business back.

“I think giving an email notification that a breach happened is a good first step and I’m grateful for that credit where credit is due,” he said.

“But frankly given the — in my estimation — very weak data practices that this company has been engaged in, I really don’t want to go back to Thermea and jeopardize my data again with that firm.”

Tags:

bloom-and-wild listed on couponmatrix.ukcloud-learn listed on couponmatrix.ukdfds-seaways listed on couponmatrix.ukthe-edinburgh-dungeon listed on couponmatrix.uklights4fun listed on couponmatrix.uksaga-travel-insurance listed on couponmatrix.uk
bloom-and-wild listed on couponmatrix.ukShow you care with a beautiful bouquet from Bloom & Wild. If you want a quick, simple way to send flowers - be it a colourful collection of peonies and roses or larger blends of white lilies, altitude roses and lisianthus - you'll find the perfect pick with this great selection. Make the most of a Bloom & Wild voucher from us and save on a gorgeous bunch for that special someone.
cloud-learn listed on couponmatrix.ukCloud Learn is an online education platform that offers a GCSE and A-Level courses and programs to help people learn new skills and pass their exams. They are perfect for home schoolers, re-sitters, or people simply wanting to do their courses online. One of the unique things about Cloud Learn is that they offer a discount code to save on your purchase. This makes learning new things more affordable and accessible for everyone. So don’t forget to check out Cloud Learn discount codes to save today! Here at Groupon, we understand the importance of finding ways to save money. That's why we work hard to find the best discount codes and deals on products and services that you use every day. When it comes to Cloud Learn, we have a variety of codes that you can use to save on your purchase. Be sure to check back often as our deals are updated regularly. And don't forget to tell your friends about us so they can start saving too! If you're looking for a top-quality education product, look no further than Cloud Learn. They offer a wide range of GCSE and A-Level courses and programs that are perfect for everyone. And with their voucher code, you can save even more on your purchase. So if you're looking for an affordable and convenient way to expand your knowledge, be sure to check out Cloud Learn voucher code to save, happy learning!
dfds-seaways listed on couponmatrix.ukSailing with DFDS Seaways is oh so much fun! You will find comfort, convenience and of course bracing, expansive views of the English Channel and North Sea. With a fleet of vessels that are designed around you and your comfort you can truly sit back and relax as you are whisked effortlessly to your destination, and with a DFDS voucher code from Groupon your journey won’t break the bank.
the-edinburgh-dungeon listed on couponmatrix.ukYou've been trialled and found guilty, the Edinburgh Dungeon awaits. Bringing together historical events, live actors and creepy exhibitions, the Edinburgh Dungeon is the spookiest activity in Edinburgh. The dungeon historically had some infamous inmates and brings together a dose of horror with history as you find yourself walking around the courtroom, torture chamber, vaults and the plague-ridden old town. With your Edinburgh Dungeons discount, you can have an unforgettable experience for less. Are you brave enough?
lights4fun listed on couponmatrix.ukLight up your life with Lights4fun, the decorative lighting store with a difference. From twinkling fairy lights to festive set ups, you’ll find the perfect addition with this great range. Make the most of a Lights4fun discount code to discover string lights, seasonal decorations and sturdy outdoor lights designed to last. With a two year guarantee and top notch customer service, Lights4fun is your go-to for all of your decorative lighting needs.
saga-travel-insurance listed on couponmatrix.ukThere’s nothing better than heading off on holiday, but whilst travelling is exciting, there’s also an element of risk being so far away from home. With Saga, you can easily cover yourself for any mishaps whilst away so you can properly relax. Pick up your Saga Travel Insurance discount code to save on your insurance package and keep more money to enjoy whilst travelling. Whether you lose your passport or get into an accident, the Travel Insurance team at Saga are here for you.