"The database contained basic personal information for customers who have an e-commerce account with one or more of Canadian Tire, SportChek, Mark's/L'Équipeur and Party City. The compromised information included names, email addresses, dates of birth, encrypted passwords, and, in some cases, incomplete credit card numbers."
"Canadian Tire also underlined that the password and credit card information could not be used to access users' accounts or to perform fraudulent transactions and purchases, and that no Canadian Tire Bank information or Triangle Rewards loyalty data was compromised in the incident."
"Passwords were stored as PBKDF2 hashes, and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry, and masked card number). According to the website, roughly 42 million records were compromised in the attack, including 38.3 million email addresses."
Canadian Tire discovered an unauthorized database breach on October 2, 2025, affecting more than 38 million customer accounts across Canadian Tire, SportChek, Mark's/L'Équipeur, and Party City e-commerce platforms. The compromised data included names, email addresses, dates of birth, encrypted passwords, and incomplete credit card numbers for some accounts. The company confirmed that encrypted passwords and credit card information could not be used for fraudulent transactions, and no banking or loyalty program data was affected. The dataset was later added to Have I Been Pwned, revealing approximately 42 million records with additional exposed information including addresses, phone numbers, and gender details. Passwords were stored as PBKDF2 hashes with some records containing dates of birth and partial credit card data.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]