Data Breach at Thermëa Spa Exposes Personal Information of Gift Card Customers

Winnipeg, Manitoba – Customers of Thermëa, a Nordic-style spa, have been alerted to a data breach that has potentially exposed their personal information. Groupe Nordik, the parent company of Thermëa, sent an email to affected customers on Tuesday, warning of the security incident.


The breach affected individuals who purchased gift cards for the spa between Nov. 4, 2022, and Feb. 27, 2023. According to the email sent by Groupe Nordik, a “non-authorized third party” may have accessed the names, last four digits of credit cards, and other personal information of customers who made gift card purchases through the brand during this time period.

The company stated that it first became aware of “suspicious activity” on its gift certificate system in late February. Upon discovering the potential breach, Thermëa immediately shut down the system and initiated an investigation with the assistance of a third-party cybersecurity firm. Since then, the company has implemented enhanced security measures and continues to work with the cybersecurity firm to maximize the protection of clients’ data.

Groupe Nordik has been collaborating with law enforcement to address the issue, but the company did not disclose how many Manitobans were affected by the breach. Customers are being encouraged to report any suspicious activity, including suspicious emails or text messages, to local authorities.