- ShinyHunters leaks 600,000 Canada Goose customer records with personal and partial payment details
- The company denies the breach and says the data set comes from past transactions, probably through a third-party processor
- Limited card data still poses risks of phishing and fraud through personalized social engineering
Hackers have leaked hundreds of thousands of customer records belonging to luxury clothing brand Canada Goose, but the company claims it was not breached.
Notorious ransomware operators ShinyHunters recently added Canada Goose to their data leak site, claiming to have stolen more than 600,000 customer records.
The samples, reviewed by beepcomputercontained “detailed e-commerce order records” that included people’s names, email addresses, phone numbers, billing and shipping addresses, IP addresses, and order histories.
Failure to comply with a third party
The data also included partial payment card information, including the card brand, the last four digits and, in some cases, the first six digits, and payment authorization metadata.
At the same time, the retailer said that the data set came from past customer transactions and not from a breach:
“Canada Goose is aware that a set of historical data relating to past customer transactions has recently been posted online,” the company said.
“At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released data set to evaluate its accuracy and scope and will take any additional action as appropriate. To be clear, our review shows no evidence that unmasked financial data was involved. Canada Goose remains committed to protecting customer information.”
However, there may be some truth to those claims, as ShinyHunters said beepcomputer that the data comes from an August 2025 breach at a third-party payment processor, and the post says the dataset’s schema “looks very similar” to e-commerce payment exports.
Obviously, the name of the breached entity was not shared.
While not leaking full payment information is definitely good news, hackers can also do a lot of damage with limited data. This type of information could be used in highly sophisticated, personalized phishing attacks, which could lead to compromised accounts and even phishing.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
