VANCOUVER -- Update June 9, 2021- Trail Appliances BC says it has safely restored its IT systems following a cyberattack on May 14. The company says it reported it to RCMP on May 19, the same day McLaughlin On Your Side broke the story following a whistleblower complaint. Trail is still investigating but tells CTV News, "At this time, we believe that our payment systems were not affected and that customers’ credit card numbers and other payment information are not at risk. We use a secure third-party payment processor for transactions and do not store that type of data."
Western Canada’s largest appliance retailer, Trail Appliances B.C., has launched an investigation after being struck by a cyberattack last week.
On Tuesday, Trail Appliances B.C. updated its website, stating: “Our core services pertaining to order processing and payment, online purchases, deliveries, and order pick up in-store or at our warehouses are temporarily unavailable. In addition, our email system and parts of our phone network are also affected."
The company said it does not believe its payment systems or customer credit card information are at risk.
Trail Appliances has hired outside experts to investigate the attack to determine the extent of last Friday's data breach and to restore services. A company employee shared an internal email with CTV News sent to employees on Friday that indicates employees were told when the attack happened to say it was a system outage until they knew more and not to talk to the media about it.
That same employee sent us information indicating this could have been a ransomware attack that encrypts data until a company pays up.
“I understand they didn’t know what information was lost but they should also be very understanding that that information is valuable and it’s dangerous if it’s in the wrong hands,” said Richard Wylie.
Wylie is a salesperson at Trail Appliances and says he posted the information about the cyberattack to his Twitter account on Saturday, before the company posted revealed the cyberattack on its website.
“So it’s very important that that information gets out ASAP, that there’s been a breach," he says. "And for somebody to say, 'we don’t know what’s happened but you need to protect yourself because something may have happened.'"
In an email to Mclaughlin On Your Side, Trail Appliances did not provide new details about the data breach, except to say it’s working diligently to safely restore its systems and services as soon as possible. It’s still investigating the scope of the attack and will provide further updates to customers when the investigation is complete.
The B.C. Office of the Information and Privacy Commissioner told CTV News that B.C. companies are not required to report data breaches but that it strongly encourages them to do so.
The agency points out that there are four steps to take when hit by a cyberattack - contain the breach, evaluate the risks, notification and prevention.
“Currently the requirement is that they take reasonable steps to safeguard personal information and we would say that part of taking reasonable safeguards includes notifying individuals, if they realize personal information has been compromised," said Oline Twiss, deputy commissioner of the Office of Information and Privacy Commissioner for B.C.
However, it’s currently not required under B.C. law and the commissioner has asked that the government include mandatory breach reporting under BC laws."