Exposed data may have included customer names, email addresses, phone numbers and postal codes, according to a notice sent by Ikea Canada to impacted customers.

The company stated that no banking or financial information was accessed.

"While we can't speculate as to why the search was made, we can share that we have taken actions to remedy the situation," Ikea Canada's Public Relations Leader Kristin Newbigging said. "We have also reviewed our internal processes and reminded our co-workers of their obligation to protect customer information."

In addition to notifying potentially affected customers, Ikea Canada submitted a breach report to the Office of the Privacy Commissioner of Canada (OPC).‍

What's Next?

Organizations and their employees need to be more vigilant than ever when it comes to protecting customer and business data through cybersecurity training and practices. In fact, according to the OPC, there were 782 breach reports that affected at least 9 million Canadian accounts during the 2020-21 fiscal year.

To best protect their operations, employers should consider providing employee training, implementing workplace policies and obtaining insurance coverages for cyber incidents. This includes making sensitive data available on a "need-to-know" basis, only granting access to select employees.

Additionally, employers can provide employees with resources for steps to take when their personal data has been compromised, including guidance on what to do in the event of a data breach and how to protect personal information.

Contact us for additional cybersecurity guidance.