Did you shop at Toys ‘R’ Us between November 2016 and Jan. 17? Your member points information may have been accessed, the toy company announced last week.
Rewards ‘R’ Us members earn a point for every dollar they spend, which can be used as real cash for store purchases.
“The vendor who manages our Rewards ‘R’ Us loyalty program recently advised us of unauthorized attempts to access loyalty member accounts,” said the Wayne, New Jersey-based retailer in an email notification. “It appears this was an effort to fraudulently redeem Rewards coupons beginning in November. We expect this activity is related to previously reported online breaches, not affiliated with Toys ‘R’ Us, where thieves stole login names and passwords. This may be because the thieves know that users tend to have the same password across multiple accounts.”
The retail chain’s computer network wasn’t technically hacked, but cybercriminals may have accessed members’ email addresses, names, mailing addresses and phone numbers. Rewards ‘R’ Us accounts don’t store users’ credit card information or social security numbers.
Toys ‘R’ Us reset member passwords and recommended using a different password for different online accounts.