Canada Goose Hit by Data Breach: 600,000 Customer Records Exposed to Hackers

Post Views: 296

Luxury Outerwear Brand Investigates Data Leak Affecting 600,000 Customers

A prominent data extortion group, ShinyHunters, claims to have compromised over 600,000 customer records belonging to Canada Goose, a high-end outerwear brand. The leaked dataset, which totals 1.67 GB in size, contains detailed e-commerce order records, including sensitive information such as customer names, addresses, phone numbers, and payment card data.

According to the company, the leaked dataset appears to relate to past customer transactions, and an initial review has found no evidence of a breach of its own systems. Canada Goose has stated that it is currently assessing the accuracy and scope of the leaked data and will take necessary steps to address the situation.

Leaked Data Details

The leaked data includes partial payment card information, such as card brand, the last four digits of card numbers, and in some cases, the first six digits (BIN). Additionally, the dataset contains payment authorization metadata, order histories, device and browser information, and order values. While the dataset does not appear to contain full payment card numbers, the exposed information could still be used for targeted phishing, social engineering, and fraud.

ShinyHunters’ Claim

ShinyHunters has denied any connection between the Canada Goose data leak and recent social-engineering attacks targeting single sign-on (SSO) accounts and cloud environments. The group claims that the dataset originated from a third-party payment processor breach that occurred in August 2025. However, this claim has not been independently verified.

The dataset’s schema suggests that it may have originated from a hosted storefront and payment processing platform, which could support ShinyHunters’ claim. The group is known for stealing and leaking large volumes of customer data from major brands and online services, often targeting e-commerce platforms, SaaS services, and cloud environments.

Canada Goose’s Response

Canada Goose is continuing to review the dataset to determine its accuracy and scope, and it is unclear at this time how many customers may be affected or whether individuals will be notified. The company has reaffirmed its commitment to protecting customer information and will take necessary steps to address the situation.

ShinyHunters’ Tactics

ShinyHunters’ tactics typically involve stealing data, which is then used for extortion, sold on underground forums, or published on the group’s leak site when victims refuse to pay. The group’s activities have been linked to numerous high-profile breaches and data theft incidents in recent years, often involving vishing and social-engineering campaigns used to gain access to corporate accounts and cloud data.