March 16, 2026 | Cybersecurity

The Retail Risk: What the Loblaw and CarGurus Breaches Tell Us About Your Data in 2026

It’s Monday, March 16, 2026, and if you feel like you’re reading about a new data breach every time you have your morning coffee, you aren’t imagining it. We’ve seen a relentless "Chain of Risk" forming over the last few days, and today’s confirmation of the Loblaw and CarGurus incidents is the latest link in a very dangerous trend.

At B&R Computers, we keep a close eye on these things because they aren’t just headlines; they are blueprints for how hackers will target your business next week. Last week it was Telus Digital (March 13) and Ericsson (March 14). Yesterday, it was the marketing data at AppsFlyer (March 15). Today, the focus shifts to retail and service platforms.

Here is what happened, why it matters, and why "Credential Drift" is the term you need to know in 2026.

The Loblaw Disclosure: More Than "Just" Names and Emails

On March 10, Loblaw Companies Limited (Canada's largest retailer) first signaled they had an issue. Today, March 16, we have the confirmation. A criminal third party gained access to a segment of their IT network. They managed to walk away with basic Personally Identifiable Information (PII): names, phone numbers, and email addresses.

Loblaw was quick to point out that health records, credit card numbers, and passwords weren’t touched. In the cybersecurity world, we call this a "limited" breach. But don't let that fool you into a false sense of security.

When a hacker gets a list of millions of names and phone numbers, they aren't looking to steal your identity immediately. They are building a Victim Profile. If I know you shop at Loblaw, I can send you a text message (SMS phishing or "Smishing") that looks like a legitimate "PC Optimum" points alert. Because I have your real name and phone number, you’re ten times more likely to click the link.

CarGurus: 12.4 Million Records Out in the Wild

While Loblaw was confirming their numbers, CarGurus was dealing with a massive leak reported yesterday, March 15. Reports indicate that 12.4 million records were exposed. For a platform that connects buyers and sellers of vehicles, that data is incredibly specific.

This isn't just a general list; it’s a list of people with specific financial intent. If you combine the CarGurus data with the Loblaw data, a sophisticated hacker now knows who you are, how to contact you, where you buy your groceries, and what kind of car you’re looking for.

This brings us to the biggest threat of 2026: Credential Drift.

Understanding 'Credential Drift'

Credential Drift is what happens when your security posture "drifts" from strong to weak without you realizing it. It usually starts with a low-stakes breach like Loblaw.

You think, "Oh, it’s just my grocery store account, I don't care if they have that password." But humans are creatures of habit. You likely use a variation of that password elsewhere. Or, more dangerously, you use that same email address for everything.

Hackers use "Credential Stuffing" bots to take the emails leaked from Loblaw and CarGurus and test them against Microsoft 365, banking portals, and your company’s VPN. Even if the password isn't the same, the leaked phone number allows them to attempt SIM swapping or sophisticated social engineering to bypass your security. The risk "drifts" from your personal grocery list to your company’s private server.

The 'Chain of Risk' Series: Connecting the Dots

If you’ve been following our blog this week, you’ll notice a pattern. We are calling this the 2026 Chain of Risk.

  • March 13: Telus Digital showed us how communication infrastructure is the first target.
  • March 14: Ericsson highlighted the hardware and vendor vulnerabilities.
  • March 15: AppsFlyer proved that even "background" marketing data is a goldmine.
  • Today, March 16: Loblaw and CarGurus show how consumer-facing platforms are the "front door" for attackers.

These aren't isolated incidents. They are a coordinated effort by threat actors to aggregate data from multiple sources into a social engineering script that is extremely hard to see through. If they know your boss's name (from a LinkedIn scrape), your work email (from the Telus breach), and your personal habits (from Loblaw), they can craft an email that even the most skeptical employee might click.

The Vaccine: Why Passkeys Are No Longer Optional

In the past, we've talked about Passkeys being the "vaccine" for credential theft. These latest breaches prove why we were banging that drum so hard.

Passkeys replace traditional passwords with a cryptographic key that stays on your device, is unlocked with a biometric (like Face ID or a fingerprint), and is unique to each website. If Loblaw had used Passkeys across the board, the leaked "credentials" would be useless to a hacker because there is no password to "stuff" into another site.

If your business is still relying on "Password + SMS Code" for security, you are living in 2016, not 2026. You need to move toward phishing-resistant MFA immediately.
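What makes a passkey phishing-resistant is that every login response is tied to the website the browser was actually on and to a one-time challenge. The sketch below is an added example, not code from the original post: it shows the site-binding checks a server runs on a passkey (WebAuthn) login response, using a hypothetical site `shop.example` and a constructed stand-in for the browser. Signature verification is left out to keep the focus on the binding; in production a vetted WebAuthn library performs all of these steps.

```python
import base64, hashlib, hmac, json, struct

RP_ID = "shop.example"                    # hypothetical site identity (assumption)
EXPECTED_ORIGIN = "https://shop.example"  # the only origin the server accepts

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_assertion(origin, rp_id, challenge):
    """Constructed stand-in for what the browser and authenticator send back."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    flags = 0x01 | 0x04  # user present + user verified (biometric or PIN)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, 1)
    return client_data, auth_data

def check_assertion(client_data, auth_data, challenge):
    """Server-side binding checks. Returns a list of failures (empty means pass)."""
    errors = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        errors.append("wrong type")
    if not hmac.compare_digest(cd.get("challenge", ""), b64url(challenge)):
        errors.append("challenge mismatch")   # stale or replayed response
    if cd.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin mismatch")      # response was produced on another site
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        errors.append("rpIdHash mismatch")    # credential scoped to another site
    if len(auth_data) < 37 or not auth_data[32] & 0x04:
        errors.append("user not verified")
    return errors

if __name__ == "__main__":
    ch = b"constructed-challenge-0001"
    print(check_assertion(*make_assertion("https://shop.example", "shop.example", ch), ch))
    print(check_assertion(*make_assertion("https://shop-example.test", "shop-example.test", ch), ch))
```

A response generated on the lookalike domain fails both the origin and the site-hash check, so there is nothing a phishing page can collect and reuse, unlike a password or an SMS code.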

URGENT: Patch Your Chrome Browser Right Now

While we’re talking about retail risks, we have an immediate technical fire to put out. As of this morning, March 16, several new Zero-Day vulnerabilities have been discovered in Google Chrome.

These vulnerabilities allow for "Remote Code Execution." In plain English, that means a hacker can run programs on your computer just by getting you to visit a malicious website. Combined with the phishing links we expect to see from the Loblaw and CarGurus leaks, this is a perfect storm.

Stop what you are doing, go to Chrome Settings > About Chrome, and make sure you are updated to the latest version. Do this for every computer in your office.

How B&R Computers Can Help

If you’re a business owner, reading about 12.4 million leaked records is exhausting. You have a business to run; you can't spend all day tracking "Credential Drift."

That’s why we’re here. Our Cybersecurity Solutions are designed to stop the "drift" before it hits your bottom line. We manage the patches (like today's Chrome update), implement Passkey technology, and monitor the dark web to see if your company’s data is part of the latest retail leak.

From Managed IT Services that keep your hardware running to advanced threat hunting that keeps the hackers out, we provide the peace of mind you need to actually get some work done.

Final Thoughts

The Loblaw and CarGurus breaches are a reminder that in 2026, there is no such thing as "unimportant data." Every piece of information a hacker gets is a tool they will use to try and pry open your more valuable accounts.

Don't wait for your company to become the next link in the Chain of Risk. Let's get ahead of it.

Want to see where your business stands?
Book a 15-minute Cyber Strategy Session with our team today.

Or, if you want to DIY your initial defense, download our SMB Cyber Playbook for a step-by-step guide on securing your perimeter.

Tags: Breach, Security, Retail
