Customers of Winnipeg's Thermea spa alarmed after notification of …

The parent company of a popular luxury spa in Winnipeg is in hot water after a data breach opened the door for hackers to access a variety of private information from customers. This week, customers who purchased gift certificates from Thermea spa between early November and late February were told in an email that their credit card information may have been compromised, alongside their full names, phone numbers and email and street addresses. Groupe Nordik, the parent company of the spa, said that they learned of the breach in late February, shut down the gift certificate system and hired a third-party firm to investigate.

“We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our clients’ data,” the email said. Gift certificates that have not been redeemed are still valid, Groupe Nordik said. The appropriate authorities have been notified of the breach and affected customers were encouraged to keep an eye out for any suspicious activity.

Unencrypted credit card info

“What the email didn’t include, though, was any guidance around the risk of identity theft that they have now incurred for me,” John Robins told Radio-Canada in a Wednesday interview.

Robins purchased a Thermea gift certificate with his credit card at a Polo Park kiosk around Christmastime, he said. He has submitted a complaint about the breach to the Office of the Privacy Commissioner. He’s not aware of any fraudulent charges on his credit card, but he’s going through his records again.

Robins was surprised to learn that Thermea saved his credit card information for any amount of time. “I certainly did not think that I was putting myself in that level of risk when I made a simple point-of-sale transaction with Therma.” Gautam Srivastava, a Brandon University professor of computer science who specializes in cybersecurity, said it’s fairly normal for companies to keep the amount of customer information that Thermea did for situations involving marketing and repeat customers.

He said these kinds of data breaches are happening more often, since businesses are prioritizing ease of use.  While paying by the tap of a credit card or phone is speedy and efficient, those practices are not always compatible with good security, Srivastava said. “If you’re looking to encrypt and then decrypt information, there’s time lags there, and so a lot of systems that are built for ease of use find those sorts of things compromised.”

He said Thermea isn’t entirely to blame for the data breach, as malicious attackers often test a number of companies within a specific vicinity in search of system weaknesses. Thermea is a well-loved establishment in Winnipeg, he said, so they won’t necessarily lose all of their business because of the data breach. There are steps Groupe Nordik can take to win back customers, such as keeping their security measures updated and ensuring customers that their information is safe, he said.

Consumers can protect themselves by changing the pins of their bank and credit cards periodically and using strong passwords for their emails, as well as multi-factor authentication or biometric verifications such as fingerprint technology. But at the end of the day, it’s a matter of trust, Srivastava said. “Their brand is going to take a hit for a little bit, but they can take steps in the future starting now to kind of win back some of that trust,” he said.

“When trust is broken in anything, it takes time to win back that trust, and sometimes you never do.” In a statement to Radio-Canada, Groupe Nordik said they hired a third-party cybersecurity firm to investigate the breach and will continue to work with them in the future. “We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our clients’ data,” the statement said.

Robins said the breach came at an unfortunate time for him and his family, as they lost their house to a fire in January 2022. He said Thermea is a bit of a local institution for Winnipeg and surrounding areas. “I’ve been there many times — really enjoy their service. It’s a real treat to be able to go to a spa.”

But Robins said Thermea will have to win his business back.

“I think giving an email notification that a breach happened is a good first step and I’m grateful for that credit where credit is due,” he said.

“But frankly given the — in my estimation — very weak data practices that this company has been engaged in, I really don’t want to go back to Thermea and jeopardize my data again with that firm.”

Tags:

boots-pharmacy listed on couponmatrix.ukapricot listed on couponmatrix.ukasda-home-insurance listed on couponmatrix.ukcentre-of-excellence listed on couponmatrix.ukscan listed on couponmatrix.uktopdeck-travel listed on couponmatrix.uk
boots-pharmacy listed on couponmatrix.ukAs Britain’s biggest health and beauty retailer, Boots hardly need an introduction. Whether you’re stocking up your beauty bag or the bathroom cabinet, we’ve rounded up all the Boots discount codes, multi-buy offers and Advantage Card exclusives to help you save money on the essentials. Discover your favourite brands at unbeatable prices with our money-off codes, Advantage Card points and Boots app deals. From perfume to prescriptions, the UK’s number one health hub has your back!
apricot listed on couponmatrix.ukApricot was founded in 2007, with the idea of creating a collection of beautiful clothes that could appeal to both mother and daughter. The company has become well known for its signature prints, and its practical approach to what every woman needs in her wardrobe. The company today has over 500 concessions stores, and ten standalone stores in the UK and Ireland. For a little wardrobe boost why not use an Apricot discount code the next time you need a stylish new outfit?
asda-home-insurance listed on couponmatrix.ukLook after your home and everything in it without unnecessary cost to you when you purchase ASDA Home Insurance - this fully personalisable cover will ensure you’re only paying for what you need and with an ASDA Home Insurance promo code you’ll be reducing your bill to an unbelievable low. Visit the website today to get a quote for your home and start protecting all you hold dear.
centre-of-excellence listed on couponmatrix.ukGet ahead of the game and educate yourself on something new at the Centre of Excellence. The exemplary online learning platform for everything from animal care to history, you can learn a thing or two for less today by signing up with a Centre of Excellence discount code from Groupon. Whether you’re looking to put yourself ahead of the professional competition or simply learn something fresh, discover a world you never knew at the Centre of Excellence.
scan listed on couponmatrix.ukIt doesn’t matter if you’re a computer whizz or a newcomer to the keyboard, Scan can help you find the hardware and accessories you need to breeze the digital landscape. Next time you fancy upgrading your PC or shelling out for a new headset or microphone, grab a Scan discount code from Groupon and pay less for premium hardware. So whenever you’re next looking for computing essentials – whether it’s for work, leisure or a little bit of both – put your trust in Scan.
topdeck-travel listed on couponmatrix.ukTopdeck Travel designs epic trips for 18 – 30 somethings. Started by friends in 1973 who shared a passion for adventure, Topdeck Travel has a long history of delivering authentic and fun group travel. Today, Topdeck Travel continues to seek out and explore the hottest new travel destinations. Topdeck's trip programme spans Europe, Australia & New Zealand, Asia, North America, the Middle East & North Africa and Africa. Topdeckers from around the world enjoy a travel experience steeped in history, which retains the company's original sense of adventure combined with authenticity, friendship and great stories to share. The Topdeck Travel Affiliate Programme is a second level sales set up. Sales are initially tracked at £0.01p and once the booking has been paid in full by the customer, it will be approved and validated to the full commission. The balance on bookings is due 6 weeks before the departure date.