Customers of Winnipeg's Thermea spa alarmed after notification of …

The parent company of a popular luxury spa in Winnipeg is in hot water after a data breach opened the door for hackers to access a variety of private information from customers. This week, customers who purchased gift certificates from Thermea spa between early November and late February were told in an email that their credit card information may have been compromised, alongside their full names, phone numbers and email and street addresses. Groupe Nordik, the parent company of the spa, said that they learned of the breach in late February, shut down the gift certificate system and hired a third-party firm to investigate.

“We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our clients’ data,” the email said. Gift certificates that have not been redeemed are still valid, Groupe Nordik said. The appropriate authorities have been notified of the breach and affected customers were encouraged to keep an eye out for any suspicious activity.

Unencrypted credit card info

“What the email didn’t include, though, was any guidance around the risk of identity theft that they have now incurred for me,” John Robins told Radio-Canada in a Wednesday interview.

Robins purchased a Thermea gift certificate with his credit card at a Polo Park kiosk around Christmastime, he said. He has submitted a complaint about the breach to the Office of the Privacy Commissioner. He’s not aware of any fraudulent charges on his credit card, but he’s going through his records again.

Robins was surprised to learn that Thermea saved his credit card information for any amount of time. “I certainly did not think that I was putting myself in that level of risk when I made a simple point-of-sale transaction with Therma.” Gautam Srivastava, a Brandon University professor of computer science who specializes in cybersecurity, said it’s fairly normal for companies to keep the amount of customer information that Thermea did for situations involving marketing and repeat customers.

He said these kinds of data breaches are happening more often, since businesses are prioritizing ease of use.  While paying by the tap of a credit card or phone is speedy and efficient, those practices are not always compatible with good security, Srivastava said. “If you’re looking to encrypt and then decrypt information, there’s time lags there, and so a lot of systems that are built for ease of use find those sorts of things compromised.”

He said Thermea isn’t entirely to blame for the data breach, as malicious attackers often test a number of companies within a specific vicinity in search of system weaknesses. Thermea is a well-loved establishment in Winnipeg, he said, so they won’t necessarily lose all of their business because of the data breach. There are steps Groupe Nordik can take to win back customers, such as keeping their security measures updated and ensuring customers that their information is safe, he said.

Consumers can protect themselves by changing the pins of their bank and credit cards periodically and using strong passwords for their emails, as well as multi-factor authentication or biometric verifications such as fingerprint technology. But at the end of the day, it’s a matter of trust, Srivastava said. “Their brand is going to take a hit for a little bit, but they can take steps in the future starting now to kind of win back some of that trust,” he said.

“When trust is broken in anything, it takes time to win back that trust, and sometimes you never do.” In a statement to Radio-Canada, Groupe Nordik said they hired a third-party cybersecurity firm to investigate the breach and will continue to work with them in the future. “We have since enhanced security measures on all Groupe Nordik systems, including the gift certificate system, and will continue to work with the cyber security firm to maximize the protection of our clients’ data,” the statement said.

Robins said the breach came at an unfortunate time for him and his family, as they lost their house to a fire in January 2022. He said Thermea is a bit of a local institution for Winnipeg and surrounding areas. “I’ve been there many times — really enjoy their service. It’s a real treat to be able to go to a spa.”

But Robins said Thermea will have to win his business back.

“I think giving an email notification that a breach happened is a good first step and I’m grateful for that credit where credit is due,” he said.

“But frankly given the — in my estimation — very weak data practices that this company has been engaged in, I really don’t want to go back to Thermea and jeopardize my data again with that firm.”

Tags:

fhr-airport-hotels-and-parking listed on couponmatrix.uklaptops-direct listed on couponmatrix.ukmuddy-puddles listed on couponmatrix.uknational-railcards listed on couponmatrix.uksilentnight listed on couponmatrix.uktidal listed on couponmatrix.uk
fhr-airport-hotels-and-parking listed on couponmatrix.ukPut yourself first and set your next trip off to a great start with Book FHR, the family-led airport reservation service that connects you with all you need to keep you fresh and stress-free. Top off your stay with a hefty price cut from the latest FHR discount code from Groupon and ensure a relaxing night’s sleep at your preferred airport hotel, plus you can get your parking and lounge bookings sorted in one convenient space.
laptops-direct listed on couponmatrix.ukWhen you’re looking for a laptop supplier you can really rely on, with a wide range of high quality products on offer for incredible value, look no further than Laptops Direct. More than just laptops, though, there’s a vast array of computers, tablets, TVs, phones, computer accessories and more on offer, so grab a Laptops Direct discount code and see how much you can save on an office upgrade. Whatever you’re shopping for, Laptops Direct is a name you can trust.
muddy-puddles listed on couponmatrix.ukMuddy Puddles is an online retailer specializing in outdoor clothing and accessories for kids. Their mission is to get kids excited about exploring the great outdoors, no matter the weather. And with a Muddy Puddles discount code, you can save on your purchase of raincoats, wellies, and more. So whether you're looking for a new coat for your little one or some gear to get them started on their next adventure, be sure to check out Muddy Puddles.
national-railcards listed on couponmatrix.ukEvery day, millions of people rely on trains for commuting, family visits or travel, and a Railcard can provide substantial savings on these journeys. Tailored for diverse groups, including students, young adults, families and travel partners, with a Railcard you’ll pay an annual fee and then save a minimum of 33% off all train trips. Whether you're renewing or considering getting one, check Groupon for a Railcard discount to obtain yours at a reduced cost and enjoy immediate savings. To put things into perspective, using your Railcard for a discount on an off-peak return trip from Bristol to London can already cover the cost of the Railcard itself!
silentnight listed on couponmatrix.ukSleep should be a time of relaxation and comfort. With Silentnight, that comfort is made easier than ever. Providing mattresses, beds, bedding and other products related to comfort, Silentnight has the formula for perfect sleep, and with your Silentnight discount code, now you can enjoy sleeping soundly for less. Whether you're looking for the perfect firm mattress or pillow, the most luxurious duvet or bedding, or candles and fragrances to send you softly to sleep, the Silentnight range will have something for you.
tidal listed on couponmatrix.ukIf you’re after superior streaming, you need to try TIDAL. With high fidelity sound, crystal clear video quality and loads of original content, it gets you closer to the artists you love! As the world’s first artist-owned streaming service, TIDAL has been praised for its exclusive releases from industry giants including Beyonce, Jay Z and Rihanna. Make the most of a TIDAL deal from us to save on your subscription - once you’ve tried the best, there’s no going back!