Estafette
Compose Login
You are browsing eu.zone1 in read-only mode. Log in to participate.
rss-bridge 2026-02-28T17:52:44+00:00

Canadian Tire 2025 data breach impacts 38 million users

A data breach at Canadian Tire exposed personal data from over 38 million accounts, including contact details and encrypted passwords. More than 38 million accounts were affected by an October 2025 data breach at Canadian retail giant Canadian Tire (CTC). The incident marks one of the largest retail data breaches in Canada, raising concerns about […]

---

- Home

- Cyber Crime

- Cyber warfare

- APT

- Data Breach

- Deep Web

- Hacking

- Hacktivism

- Intelligence

- Artificial Intelligence

- Internet of Things

- Laws and regulations

- Malware

- Mobile

- Reports

- Security

- Social Networks

- Terrorism

- ICS-SCADA

- Crypto

- POLICIES

- Contact me

MUST READ

Canadian Tire 2025 data breach impacts 38 million users

Microsoft warns of RAT delivered through trojanized gaming utilities

Aeternum botnet hides commands in Polygon smart contracts

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

Juniper issues emergency patch for critical PTX router RCE

How AI Aids Incident Response: Why Humans Alone Cannot Do IR Efficiently

12 Million exposed .env files reveal widespread security failures

ManoMano data breach impacted 38 Million customer accounts

Trend Micro fixes two critical flaws in Apex One

UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor

U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control

Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries

Untrusted repositories turn Claude code into an attack vector

ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

Lazarus APT group deployed Medusa Ransomware against Middle East target

SolarWinds patches four critical Serv-U flaws enabling root access

VMware Aria Operations flaws could enable remote attacks

- Home

- Cyber Crime

- Cyber warfare

- APT

- Data Breach

- Deep Web

- Hacking

- Hacktivism

- Intelligence

- Artificial Intelligence

- Internet of Things

- Laws and regulations

- Malware

- Mobile

- Reports

- Security

- Social Networks

- Terrorism

- ICS-SCADA

- Crypto

- POLICIES

- Contact me

- Home

- Cyber Crime

- Data Breach

- Hacking

- Security

- Canadian Tire 2025 data breach impacts 38 million users

Canadian Tire 2025 data breach impacts 38 million users

Pierluigi Paganini
February 28, 2026

A data breach at Canadian Tire exposed personal data from over 38 million accounts, including contact details and encrypted passwords.

More than 38 million accounts were affected by an October 2025 data breach at Canadian retail giant Canadian Tire (CTC). The incident marks one of the largest retail data breaches in Canada, raising concerns about customer privacy and the security of sensitive personal information.

“On October 2, 2025, Canadian Tire Corporation (TSX: CTC) (TSX: CTC.A) (CTC or the Company) identified a data breach involving customer information in an e-commerce database.” reads the press release published by CTC. “There was no impact on in-store transactions, and all e-commerce systems are operational.”

On October 2, 2025, the company discovered a data breach affecting its e-commerce database. The incident exposed basic customer details, including names, addresses, emails, year of birth, encrypted passwords, and in some cases, truncated credit card numbers.

The company pointed out that exposed financial data cannot be used to access accounts, make transactions, or make purchases.

Less than 150,000 accounts also included full dates of birth. The breach did not impact Canadian Tire Bank, Triangle Rewards, or in-store systems. The company identified and fixed the issue and notified regulators.

The Canadian firm will contact affected users and will offer them credit monitoring.

The data breach notification service Have I Been Pwned added the compromised records to its database. According to the platform, about 42 million records were exposed, including 38.3 million email addresses.

HIBP states that compromised data includes:

- Dates of birth

- Email addresses

- Genders

- Names

- Partial credit card data

- Passwords

- Phone numbers

- Physical addresses

HIBP reports that the datasets include PBKDF2 password hashes.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CTC)

---

---

Canadian Tire
Cybercrime
data breach

you might also like

Pierluigi Paganini
March 01, 2026

Read more

Pierluigi Paganini
February 28, 2026

Iran ’s Internet near-totally blacked out amid US, Israeli strikes

Read more

up-to-date!

recent articles

Security / March 01, 2026

Canadian Tire 2025 data breach impacts 38 million users

Data Breach / February 28, 2026

Microsoft warns of RAT delivered through trojanized gaming utilities

Malware / February 28, 2026

Aeternum botnet hides commands in Polygon smart contracts

Mobile / February 27, 2026

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

Security / February 27, 2026

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.

Manage consent

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT

---

[Original source](https://securityaffairs.com/188659/data-breach/canadian-tire-2025-data-breach-impacts-38-million-users.html)

Reply