Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Shoppers Drug Mart

Shoppers Drug Mart Vendor Cyber Rating & Cyber Score

shoppersdrugmart.ca

Built on a foundation of professional expertise and personal service, Shoppers Drug Mart has been meeting Canadians'​ health care needs for 50 years. What was once a small pharmacy in Toronto has grown into an organization of over 1,200 stores from coast to coast, becoming an indelible part of the lives of Canadians, young and old. Yet despite our growth, we have never forgotten our origins. We have always remained true to our belief that the personal satisfaction of each and every customer is at the root of our success - and it can only be ensured by the commitment of people who realize that success is built one customer at a time.


SDM A.I CyberSecurity Scoring

SDM
Company Information
Website:http://www.shoppersdrugmart.ca
Employees number:31,984
Number of followers:211,309
NAICS:43
Industry Type:Retail
Homepage:shoppersdrugmart.ca
SDM Risk Score (AI oriented)
Between 650 and 699
logo
SDMRetail
Updated:
01/04/2026
673/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
SDM Global Score (TPRM)
xxxx
logo
SDMRetail
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

SDM
SDMWeak
Current Score
673B (WEAK)
01000
2 incidents
-122 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
680Before Incident
JUNE 2026
679Before Incident
MAY 2026
676Before Incident
APRIL 2026
676Before Incident
MARCH 2026
794Before Incident
Breach
13 Mar 2026SDM
Shoppers Drug Mart, President’s Choice, Loblaw, No Frills and PC Optimum: “Threat Actor” on the dark web claims Loblaw’s “low-level” data breach is a much larger threat

Alleged Massive Data Breach at Loblaw

672After Incident
CRITICAL-122
NO-SHOPRELOB1773534483
Loblaw Faces Alleged Massive Data Breach as Threat Actor Demands Response A threat actor operating under the handle "igotafeeling" on the DarkWeb Informer forum has claimed to have breached Loblaw, Canada’s largest food and pharmacy retailer, which owns brands like President’s Choice, No Frills, Shoppers Drug Mart, Real Canadian Superstore, and the PC Optimum loyalty program. The actor alleges possession of over 1.8 billion records, including: - 75.1 million Salesforce customer records (names, emails, phone numbers, addresses, loyalty IDs, and health card numbers) - 724.9 million Shoppers Drug Mart records (passwords, tokens, loyalty IDs, payment details, and full credit card numbers with expiry dates) - 129.9 million pharmacy fill requests (prescription numbers and patient IDs) - 120.4 million e-commerce fraud-feed records (payment card BINs, last-four digits, and expiry dates) - 20.2 million Delivery Ops Portal records (orders, deliveries, and postal codes) - 3,014 GitLab projects containing Loblaw’s full source code - 19.3 million Oracle identity records (MFA device details and credentials) - 55.3 million marketing and email records across 673 tables The threat actor has given Loblaw until March 19 to respond, accusing the company of "ghosting" them and dismissing customer and investor concerns. They have also invited media organizations to verify the data’s authenticity. In response, Loblaw issued a March 12 press release, labeling the incident a "low-level data breach" and stating that only "basic customer information" (names, phone numbers, and emails) may have been accessed. The company explicitly denied evidence of financial or credit card data compromise directly contradicting the threat actor’s claims. While the breach remains unverified, the scale of the alleged exposure if confirmed would rank among the largest in Canadian history. The situation mirrors past high-profile breaches (e.g., T-Mobile, Equifax, Capital One), where initial corporate statements downplayed impact before later revelations proved otherwise. Loblaw customers with PC Optimum accounts, Shoppers Drug Mart loyalty cards, or prescription histories may be affected if the claims hold true. The deadline for Loblaw’s response is six days away.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Extortion (response demanded by March 19)
IMPACT
Data Compromised: Over 1.8 billion records allegedly exposedSalesforceShoppers Drug Mart systemsGitLab projectsOracle identity systemsE-commerce platformsBrand Reputation Impact: Potential significant impact if claims are verifiedIdentity Theft Risk: High (health card numbers, prescription IDs, PII)Payment Information Risk: High (full credit card numbers with expiry dates)
DATA BREACH
Customer records (names, emails, phone numbers, addresses, loyalty IDs)Health card numbersPharmacy fill requests (prescription numbers, patient IDs)Payment details (full credit card numbers with expiry dates, BINs, last-four digits)Source code (GitLab projects)MFA device details and credentials (Oracle identity records)Marketing and email recordsNumber Of Records Exposed: 1.8 billion (alleged)Sensitivity Of Data: High (PII, financial data, health information, source code)Data Exfiltration: Alleged (data sold on dark web if claims are true)Personally Identifiable Information: Yes (names, emails, phone numbers, addresses, health card numbers, prescription IDs)
FEBRUARY 2026
794Before Incident
JANUARY 2026
793Before Incident
DECEMBER 2025
793Before Incident
NOVEMBER 2025
793Before Incident
OCTOBER 2025
793Before Incident
SEPTEMBER 2025
793Before Incident
AUGUST 2025
793Before Incident
MAY 2018
802Before Incident
Breach
03 May 2018SDM
Loblaw Companies Limited, Shoppers Drug Mart and No Frills: Loblaw investigates data breach after identifying suspicious activity

Loblaw Investigates Data Breach Following Suspicious Activity

739After Incident
CRITICAL-63
LOBSHONO-1773196440
Loblaw Investigates Data Breach Following Suspicious Activity Loblaw Companies Limited, one of Canada’s largest grocery and pharmacy retailers, is investigating a potential data breach after detecting suspicious activity within its systems. The company confirmed the incident but has not disclosed specific details about the nature of the breach, the number of affected customers, or whether personal or financial data was compromised. The investigation comes as cybersecurity threats targeting retailers continue to rise, with attackers often seeking payment card information, customer records, or access to corporate networks. Loblaw operates major brands, including Shoppers Drug Mart, Real Canadian Superstore, and No Frills, serving millions of Canadians. While the company has not provided a timeline for the incident, data breaches in the retail sector typically prompt heightened monitoring for fraudulent transactions and potential regulatory scrutiny. The outcome of Loblaw’s investigation may determine whether affected individuals will be notified or offered credit monitoring services. The incident underscores the ongoing risks faced by large retailers, which remain prime targets for cybercriminals due to the vast amounts of sensitive data they handle. Further updates are expected as the investigation progresses.
INCIDENT DETAILS -
TYPE
Data Breach
DATA BREACH
Personal DataFinancial Data

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for SDM ?
?
What was SDM's A.I Rankiteo Cyber Score in June 2026 ?
?
What was SDM's A.I Rankiteo Cyber Score in May 2026 ?
?
What was SDM's A.I Rankiteo Cyber Score in April 2026 ?
?
What was SDM's A.I Rankiteo Cyber Score in March 2026 ?
?
What was SDM's A.I Rankiteo Cyber Score in February 2026 ?
?
What was SDM's A.I Rankiteo Cyber Score in January 2026 ?
?
What was SDM's A.I Rankiteo Cyber Score in December 2025 ?
?
What was SDM's A.I Rankiteo Cyber Score in November 2025 ?
?
What was SDM's A.I Rankiteo Cyber Score in October 2025 ?
?
What was SDM's A.I Rankiteo Cyber Score in September 2025 ?
?
What was SDM's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on SDM's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with SDM ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view SDM's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?