Loblaw resets passwords for all PC Plus accounts to stop counterfeit points scam

 Disgruntled  Ex-employees hacked into the PC Plus program and increased member’s points by millions. Loblaw reset all passwords to stop access to the points until they could resolve the problem.

Hackers added millions of counterfeit PC points to member’s accounts. If redeemed it would have cost the grocery chain $100s of millions.

Quick thinking at Loblaw may have saved the company millions of dollars. After it was discovered that hackers had added hundreds of millions  in counterfeit PC points to member accounts they reset all of the passwords on the system to buy time to remove the fake points before they are redeemed.

Find the poorly trained staff who would redeem the points without noticing.

It seems that ex-employees had hacked the system and added the points – both to redeem themselves with fake cards – and to cost the company millions in redemptions.  It is not clear how many points were redeemed so far. The hackers had targeted one of Loblaw’s  hiring periods where they over-hire part-time staff and provide little training. This helps weed out new hires without experience proper training.

Knowing this practice, the hackers understood it would be weeks before their unusually  large redemptions would be noticed – they just had to find the poorly trained staff who would redeem the points without noticing.

Recent issues with Canadian Rewards Programs:

  • Tim Hortons increased the prizes for Roll up the Rim to Win and missed their profit objectives Read More>
  • Air Miles changed the terms of their expiry policy Read More>

An adjustable pricing program designed to gouge customers was canceled abruptly when people caught on. The employees on the project were also fired and it is believed they are behind the hack. If they had no problem gouging customers why not the company?

Insiders say the problem goes back to a pricing program they were developing and testing in Provigo and Loblaw stores in 2015/16.  Company analysts were using their customer’s shopping data from their PC Card to develop variable pricing programs designed to charge customers the highest price possible.

Shoppers noticed the checkout price was higher than what they saw on the shelf

In the dairy department for example, they knew that stay at home women are generally more price conscious with milk men or working women. So they would adjust prices up or down depending which of these groups was shopping.  Catching men who were picking up milk on the way home from work was a prime target. They didn’t worry about the price – they just wanted to make a quick purchase and leave.

The problem with the program is that when they put the price up price sensitive shoppers noticed the price at the checkout was more than the shelf price. They started to realize that the price was being changed throughout the day and complained.  This caused executives to immediately drop the program and the staff was fired.

We will have to wait and see:

  • Will the hackers be caught and charged with an offense?
  • How many of the counterfeit points were redeemed?
  • Will members who redeemed their PC Plus points have to pay them back?
  • Did Loblaw have time to remove the extra points?

We would be interested to hear from PC Plus members – do you have a story to share?



3 thoughts on “Loblaw resets passwords for all PC Plus accounts to stop counterfeit points scam”

  1. I forgotten what email address I used it might have been Outlook.com or my new email address Gmail.com or I could have opened with Facebook on my old blackberry phone I have my PC card with me and I last had 14000 and some points so how can I reset my password and what email address to use thank you for everything


  2. Hi Eleanor
    Thanks for contacting us.
    Search your email accounts for an email dated around Feb 21st from PC Plus with the subject: “Eleanore we have reset your PC Plus Password”. This will show you the email address you used. It also has a link to help you reset your password.
    If you can’t find the email you can try calling member services during business hours at 1-855-6672-7587 and they can help resolve our issue.
    Thanks, R.W.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s