- ShinyHunters leaks 600,000 Canada Goose customer records with personal and partial payment data
- The company denies the breach, saying the data set originated from previous transactions, likely via a third-party processor
- Restricted card data still poses phishing and fraud risks through tailored social engineering
Hackers have leaked hundreds of thousands of customer records belonging to luxury clothing brand Canada Goose – but the company claims it was not breached.
Notorious ransomware operators ShinyHunters recently added Canada Goose to its data breach site, claiming to have stolen more than 600,000 customer records.
The samples, reviewed by Bleeping Computercontained “detailed e-commerce order records,” which included people’s names, email addresses, phone numbers, billing and shipping addresses, IP addresses, and order history.
Breach of a third party
The data also included partial payment card information, including card tag, last four digits and in some cases – the first six digits and payment authorization metadata.
At the same time, the retailer said the data set was from previous customer transactions and not from a breach:
“Canada Goose is aware that a historical data set related to past customer transactions has recently been published online,” the company said.
“At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released data set to assess its accuracy and scope and will take further steps as appropriate. To be clear, our review shows no evidence that unmasked financial data was involved. Canada Goose remains committed to protecting customer information.”
However, there may be some truth to these claims as ShinyHunters told it Bleeping Computer that the data came from an August 2025 breach at a third-party payment processor, and the publication says the data set’s schema is “very similar” to e-commerce checkout exports.
The name of the breached device was not shared, of course.
While not having full payment information leaked is definitely good news, hackers can also do a lot of damage with limited data. This type of information can be used in highly sophisticated, tailored phishing attacks that can lead to compromised accounts and even wire fraud.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
