Updated January 23, 2023

Notice of security incident

Dear Running Room Community,

We are posting to let you know about a security incident we recently identified and addressed involving a subset of user data. We know transparency is important to our community, and we want to share with you what we have learned from our investigation, the measures we have taken, as well as steps you can take.

What happened?

We recently identified that an unauthorized group obtained access to Running Room’s Canadian online shop checkout in order to skim for email, name, address, phone #, and credit card information (number, expiry date, and CVV) between the dates of November 19, 2022-January 18, 2023. In response to this discovery, we immediately launched an investigation and have removed their ability to obtain this information.

What information was involved?

If you purchased something on Running Room Canada’s website between November 19, 2022, and January 18, 2023, the skimming may have captured your email address, name, address, phone #, and credit card information (number, expiry date, and CVV).

What are we doing?

We located and removed the vulnerability immediately upon becoming aware of the unauthorized access. Additionally, to help prevent something like this from happening in the future, we have implemented enhanced security measures.

We are also cooperating with law enforcement, privacy commissions, and the Canadian Center for Cyber Security.

What you can do

You can continue to use Running Room without further action.

The next time you log into your account, you should reset your password. You can reset your password by clicking here. Also, if you use the same username and password you created for Running Room for any other online service, we recommend you change your password there, too.

You should also review your credit card billing statements and notify your credit card provider of any suspicious activity and vulnerability to your card. They will recommend the appropriate actions.

Were all Running Room user accounts involved?

Not all Running Room customers were involved in the incident. If you purchased something on Running Room Canada’s website between November 19, 2022, and January 18, 2023, the skimming may have captured your email address, name, address, phone #, and credit card information (number, expiry date, and CVV). If you are receiving this email you have been identified as having made a purchase during this period.

If my data was involved, what are my risks? Could my identity be stolen?

It is believed the intent of the skimming was for the resale of the credit card information attained. There is the possibility that the information may be used for social engineering, phishing and misrepresentation of the individual.

Is it safe to continue using my Running Room account?

Yes. We located and removed the vulnerability immediately upon becoming aware of the unauthorized access. Additionally, to help prevent something like this from happening in the future, we have implemented enhanced security measures.

We take our obligation to safeguard your data very seriously and are alerting you about this issue so you can take steps to help protect your information.

We recommend you:

  • Watch out for potential phishing scams, spam emails, and suspicious payment requests.
  • Review & monitor your accounts for suspicious activity.
  • Be cautious of any unsolicited communications that ask for your data or refer you to a web page asking for personal data.
  • Avoid clicking on links or downloading attachments from suspicious emails.

Where to find more information

We deeply regret this incident happened. For more information and answers to frequently asked questions, please visit the Running Room Support Page or email us at customerservice@runningroom.zendesk.com.

Sincerely,
The Running Room Team