Disgruntled Ex-employees hacked into the PC Plus program and increased member’s points by millions. Loblaw reset all passwords to stop access to the points until they could resolve the problem.
Quick thinking at Loblaw may have saved the company millions of dollars. After it was discovered that hackers had added hundreds of millions in counterfeit PC points to member accounts they reset all of the passwords on the system to buy time to remove the fake points before they are redeemed.
Find the poorly trained staff who would redeem the points without noticing.
It seems that ex-employees had hacked the system and added the points – both to redeem themselves with fake cards – and to cost the company millions in redemptions. It is not clear how many points were redeemed so far. The hackers had targeted one of Loblaw’s hiring periods where they over-hire part-time staff and provide little training. This helps weed out new hires without experience proper training.
Knowing this practice, the hackers understood it would be weeks before their unusually large redemptions would be noticed – they just had to find the poorly trained staff who would redeem the points without noticing.
Recent issues with Canadian Rewards Programs:
- Tim Hortons increased the prizes for Roll up the Rim to Win and missed their profit objectives Read More>
- Air Miles changed the terms of their expiry policy Read More>
Insiders say the problem goes back to a pricing program they were developing and testing in Provigo and Loblaw stores in 2015/16. Company analysts were using their customer’s shopping data from their PC Card to develop variable pricing programs designed to charge customers the highest price possible.
Shoppers noticed the checkout price was higher than what they saw on the shelf
In the dairy department for example, they knew that stay at home women are generally more price conscious with milk men or working women. So they would adjust prices up or down depending which of these groups was shopping. Catching men who were picking up milk on the way home from work was a prime target. They didn’t worry about the price – they just wanted to make a quick purchase and leave.
The problem with the program is that when they put the price up price sensitive shoppers noticed the price at the checkout was more than the shelf price. They started to realize that the price was being changed throughout the day and complained. This caused executives to immediately drop the program and the staff was fired.
We will have to wait and see:
- Will the hackers be caught and charged with an offense?
- How many of the counterfeit points were redeemed?
- Will members who redeemed their PC Plus points have to pay them back?
- Did Loblaw have time to remove the extra points?
We would be interested to hear from PC Plus members – do you have a story to share?