- ShinyHunters leaks 600,000 Canada Goose customer records with personal and partial payment data
- Company denies breach, says dataset stems from past transactions, likely via third-party processor
- Limited card data still poses phishing and fraud risks through tailored social engineering
Hackers have leaked hundreds of thousands of customer records belonging to luxury clothing brand Canada Goose – but the company claims it wasn’t breached.
Notorious ransomware operators ShinyHunters recently added Canada Goose to its data leak site, claiming to have stolen more than 600,000 customer records.
The samples, reviewed by BleepingComputer, contained “detailed e-commerce order records” which included people’s names, email addresses, phone numbers, billing and shipping addresses, IP addresses, and order histories.
Breaching a third party
The data also included partial payment card information, including card brand, last four digits, and in some cases – the first six digits and payment authorization metadata.
At the same time, the retailer said the dataset was from past customer transactions, and not from a breach:
“Canada Goose is aware that a historical dataset relating to past customer transactions has recently been published online,” the company said.
“At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released dataset to assess its accuracy and scope and will take any further steps as may be appropriate. To be clear, our review shows no evidence that unmasked financial data was involved. Canada Goose remains committed to protecting customer information.”
There might be truth to those claims, though, since ShinyHunters told BleepingComputer that the data came from an August 2025 breach at a third-party payment processor, and the publication says the dataset’s schema “closely resembles” e-commerce checkout exports.
Obviously, the name of the breached entity was not shared.
While full payment information not being leaked is definitely good news, hackers can do plenty of damage with limited data, as well. This type of information could be used in highly sophisticated, tailored phishing attacks, which could lead to compromised accounts and even wire fraud.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/7nFUScNqssCqAANmZefPDm-800-80.jpg
Source link
