Canada Goose Data Breach Exposes 600,000 Customers
▼ Summary
– ShinyHunters, a data extortion group, claims to have stolen over 600,000 Canada Goose customer records containing personal and partial payment data.
– Canada Goose states it has found no evidence of a breach of its own systems and believes the leaked dataset relates to historical customer transactions.
– The exposed 1.67 GB dataset includes detailed order information, which could enable targeted phishing and fraud despite not containing full payment card numbers.
– ShinyHunters denies the data came from recent SSO attacks, instead claiming it originated from a third-party payment processor breach dating to August 2025.
– ShinyHunters is a prolific group known for stealing and leaking large volumes of data, often for extortion or sale on underground forums.
A significant data leak has exposed the personal information of hundreds of thousands of Canada Goose customers, though the luxury apparel company states its own systems remain secure. The incident involves a dataset of over 600,000 customer records, which the notorious ShinyHunters cybercrime group has published online. According to the company, this data appears to be historical transaction information, and an internal review has found no evidence of a breach within Canada Goose’s own digital infrastructure. The organization emphasizes that its investigation shows no evidence that unmasked financial data was involved, such as complete credit card numbers.
The published archive, weighing 1.67 gigabytes, contains extensive e-commerce order details. The information includes customer names, email and physical addresses, phone numbers, and IP addresses. It also features order histories and partial payment card data, such as the card brand and the last four digits of account numbers. In certain records, the first six digits, known as the Bank Identification Number (BIN), are also present. While this does not constitute full payment information, the depth of exposed personal data presents a serious risk. Cybercriminals could leverage this information for highly targeted phishing attempts, sophisticated social engineering schemes, and various forms of financial fraud.
The dataset provides a worrying level of detail that allows for customer profiling. Beyond contact and partial payment data, it includes purchase histories, order values, and technical information about the devices and browsers used during transactions. This enables attackers to identify and specifically target high-value customers with tailored scams. The data’s structure, with field names like ‘checkoutid’ and ‘carttoken’, suggests it originated from an e-commerce checkout system, potentially pointing to a third-party service provider rather than Canada Goose’s core systems.
When questioned about the source of this data, ShinyHunters claimed it was obtained from a breach of a third-party payment processor and is unrelated to their recent campaigns. The group has recently been associated with a series of attacks focusing on single sign-on (SSO) accounts and cloud environments. They assert this particular dataset is older, dating back to August 2025, though this claim has not been independently verified. ShinyHunters is a well-known entity in the cybersecurity world, frequently linked to major data theft incidents where stolen information is used for extortion, sold on dark web forums, or publicly leaked if a ransom is not paid.
Canada Goose has stated it is actively reviewing the published dataset to confirm its accuracy and determine the full scope of the incident. The company maintains its commitment to protecting customer data and is assessing what further steps may be necessary. It remains unclear how many individuals are ultimately affected or whether formal customer notifications will be issued as the investigation continues.
(Source: Bleeping Computer)
