Last updated on: May 9th, 2024
PriceSmart discovered that an unknown, unauthorised third party gained access to our systems. Upon discovery, we promptly contained the incident and initiated an internal investigation. We also, via legal counsel, engaged a forensic cybersecurity firm to assist with the investigation and confirm the security of our computer systems and network. The forensic investigation determined that the unauthorised third party accessed and acquired certain files on our network for a limited period of time between October 27, 2023 and October 28, 2023.
Based on the results of the investigation, we undertook a comprehensive review of the contents of the involved files to determine what, if any, personal information they contained. We subsequently completed our review of the involved files and concluded that they contained some personal identifying information involving a limited number of our employees and less than 0.2% of our overall membership. The type of information involved varied by the individual but may have included individuals’ names, addresses, phone numbers, email addresses, dates of birth, international tax ID numbers, Social Security numbers, self-images, marital statuses, limited medical information, including some biometric data, drivers’ license or government ID numbers, passport numbers, and employment history, including criminal or administrative records. To date, we are not aware of any fraud or identity theft relating to information accessed and acquired by the unauthorised third party. Nonetheless, we are notifying the involved individuals about the incident for whom we have contact information.
The purpose of this website notice is to provide information about the incident to individuals whose information was accessed and acquired but for whom we do not have contact information. Based on the investigation, the incident involved a limited number of individuals.
We have taken steps to further reduce the risk of this type of incident occurring in the future, including reviewing and monitoring our technical security measures, as well as exploring new measures as they become available. Nevertheless, we recommend that individuals regularly monitor credit reports and financial account and benefit statements. If you detect any suspicious activity, please notify the entity that maintains the account and promptly report any fraudulent activity to proper law enforcement authorities.
We value the trust that our members and employees place in us to protect the privacy and security of their information. Individuals in Barbados with questions related to the incident, should contact our Data Privacy Officer, Bloomfield Digital Inc., c/o 28 Sunrise Drive, Pine Gardens, St. Michael, Barbados via e-mail correspondence at [email protected].