Akira Ransomware Gang Claims Breach of Canadian Retailer Ardene
The Akira ransomware group has listed Canadian fashion retailer Ardene on its data leak site, alleging the theft of 58 GB of sensitive data. The breach reportedly includes financial records (audits, payment details, and invoices), customer and employee information (passports, driver’s licenses, emails, and phone numbers), and confidential corporate data.
Ardene acknowledged a "cyber incident" in January that disrupted internal systems, causing shipping delays and temporary issues with its rewards program and gift cards. In a customer notification, the company stated it was unaware of any customer data being compromised "at this time" but did not confirm Akira’s claims or whether a ransom was demanded or paid.
Akira, a prolific ransomware strain first detected in March 2023, is believed to have ties to the defunct Conti group. In 2025 alone, Akira claimed 769 attacks, with 94 confirmed by affected organizations. So far in 2026, the group has listed 94 victims, including Ardene, as well as companies in France, Denmark, and the U.S.
Canada has seen a rise in ransomware attacks, with two confirmed incidents in 2026 Ardene and Lakelands Public Health (targeted by the Lynx ransomware gang). Past high-profile attacks include London Drugs (2024) and Harry Rosen (2022), which exposed 160,000 individuals.
Headquartered in Laval, Quebec, Ardene operates over 300 stores across Canada, the U.S., and internationally, specializing in apparel, footwear, and accessories. The investigation into the breach remains ongoing.
Source: https://www.comparitech.com/news/ransomware-gang-claims-recent-cyber-attack-on-canadian-retailer/
Ardene cybersecurity rating report: https://www.rankiteo.com/company/ardene
"id": "ARD1771007279",
"linkid": "ardene",
"type": "Ransomware",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Fashion/Apparel',
'location': 'Laval, Quebec, Canada',
'name': 'Ardene',
'size': 'Over 300 stores',
'type': 'Retailer'}],
'customer_advisories': 'Company stated it was unaware of any customer data '
"being compromised 'at this time'",
'data_breach': {'data_exfiltration': 'Yes',
'file_types_exposed': ['Audits',
'Payment details',
'Invoices',
'Passports',
'Driver’s licenses',
'Emails',
'Phone numbers'],
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Financial records',
'Customer and employee '
'information',
'Confidential corporate data']},
'date_detected': '2026-01-01',
'description': 'The Akira ransomware group has listed Canadian fashion '
'retailer Ardene on its data leak site, alleging the theft of '
'58 GB of sensitive data. The breach reportedly includes '
'financial records (audits, payment details, and invoices), '
'customer and employee information (passports, driver’s '
'licenses, emails, and phone numbers), and confidential '
"corporate data. Ardene acknowledged a 'cyber incident' in "
'January that disrupted internal systems, causing shipping '
'delays and temporary issues with its rewards program and gift '
'cards.',
'impact': {'data_compromised': '58 GB of sensitive data',
'identity_theft_risk': 'High',
'operational_impact': 'Shipping delays, temporary issues with '
'rewards program and gift cards',
'payment_information_risk': 'High',
'systems_affected': 'Internal systems, rewards program, gift '
'cards'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Akira'},
'references': [{'source': 'Akira data leak site'}],
'response': {'communication_strategy': 'Customer notification acknowledging '
'the incident'},
'threat_actor': 'Akira ransomware group',
'title': 'Akira Ransomware Gang Claims Breach of Canadian Retailer Ardene',
'type': 'Ransomware'}