Nordic spa near Toronto suffers data breach and customers are angry
A Nordic spa near Toronto has come under fire once again after a data breach compromised the information of several guests who used the company’s gift certificate system.
Groupe Nordik is a spa and wellness company based in Gatineau, Quebec, with locations in Chelsea, Winnipeg, and Whitby.
In a letter to affected customers, Nordik confirmed that it became aware of suspicious activity on the system in February 2023.
“It is possible that your personal information was accessible when purchasing a gift certificate on the platform during the period of November 4, 2022, to February 27, 2023,” the email reads.
“Please rest assured that we have done and are doing everything we can to rectify the situation.”
Some of the compromised information includes full names, street addresses, phone numbers, and credit card information.
Nordic spa near Toronto hit with lawsuit after staph infections
https://t.co/1UmC8vEpTL #Toronto #NordicSpa
— blogTO (@blogTO) October 27, 2022
Many angry customers have already taken to Google reviews to air out their frustrations against the wellness company.
“Their system got hacked and my personal information (including credit card numbers) got leaked. I’m not sure what they did after to rectify the mistake, since they only sent out a generic email. Personally, if you are worried about your own privacy protection, I’d advise against this place,” one review reads.
“I have woken up with an email telling me their gift card system was compromised over Christmas and my information, including name, address, phone number, and credit card number, were all compromised. This is ridiculous. The place hasn’t been open long enough to have all these issues,” another customer wrote.
One customer told blogTO that they were slammed with “hundreds of dollars” in false transactions after visiting the Whitby location.
The spa company has been regularly responding to the one-star Google reviews, writing, “We have enhanced security measures on all Groupe Nordik systems and will continue to work with a best-in-class third-party cyber security firm to maximize the protection of our clients’ data.”
Nordik owns Thermëa Spa Village in Whitby, which was embroiled in a $5 million lawsuit last fall after dozens of customers alleged they developed staph infections after using the spa’s saltwater pool.
Nordic spa near Toronto is back in action after pools were shut down due to health hazard https://t.co/vWKAvlhPVV #Ontario
— blogTO (@blogTO) December 2, 2022
A total of 72 plaintiffs named in the civil lawsuit alleged that they suffered immediate adverse health effects, including severe skin rashes, ear infections, and loss of hearing after using the spa’s pool.
The lawsuit alleged that during their visits, plaintiffs were exposed to harmful contaminations, including pseudomonas and staphylococcus bacteria, while using the facility’s underground saltwater pool, Källa.
An internal audit determined that the issue was related to malfunctioning parts on the facility’s disinfectant and UV systems.
Thermëa Spa Village did not immediately respond to blogTO’s request for comment, but wrote under several negative reviews that it will “continue to work with law enforcement to defend and protect the interests of our customers.”