- ShinyHunters Discloses 600,000 Canada Goose Customer Records Containing Personal and Partial Payment Data
- The company denies any violations and says the data set comes from past transactions, likely through a third-party processor.
- Limited card data still poses risks of phishing and fraud through personalized social engineering.
Hackers have leaked hundreds of thousands of customer records belonging to luxury clothing brand Canada Goose, but the company says they were not hacked.
Notorious ransomware operators ShinyHunters recently added Canada Goose to their data leak site, claiming to have stolen over 600,000 customer records.
The samples, examined by BeepComputercontained “detailed records of e-commerce orders” including people’s names, email addresses, phone numbers, billing and shipping addresses, IP addresses, and order history.
Harm to a third party
The data also included partial information about the payment card, including the card brand, the last four digits and, in some cases, the first six digits, and payment authorization metadata.
At the same time, the retailer said the data set came from past customer transactions and not a breach:
“Canada Goose is aware that a set of historical data relating to past customer transactions has recently been published online,” the company said.
“At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released data set to assess its accuracy and scope and will take any additional actions that may be appropriate. To be clear, our review shows no evidence that unmasked financial data was involved. Canada Goose remains committed to protecting customer information.”
There may be some truth to these claims, however, as ShinyHunters said BeepComputer that the data came from an August 2025 breach at a third-party payment processor, and the publication states that the schema of the dataset “looks very similar” to e-commerce checkout exports.
Obviously, the name of the breached entity was not shared.
While not disclosing full payment information is good news, hackers can also cause a lot of damage with limited data. This type of information could be used in highly sophisticated and personalized phishing attacks, which could lead to compromised accounts or even wire fraud.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
