Canadian Tire: Have I Been Pwned’s Post

Canadian Tire Suffers Massive Data Breach Exposing 38 Million Email Addresses

In October, Canadian retail giant Canadian Tire experienced a significant data breach, compromising 38 million unique email addresses along with sensitive personal information. The exposed data included names, phone numbers, physical addresses, PBKDF2-hashed passwords, and partial credit card details, raising concerns about potential identity theft and fraud.

According to security researcher Troy Hunt, who operates Have I Been Pwned, 86% of the breached email addresses were already circulating in previous leaks, primarily from LinkedIn’s 2021 data exposure. The overlap suggests widespread reuse of credentials, increasing the risk of credential-stuffing attacks.

The breach highlights the ongoing vulnerability of large retailers to cyber threats, particularly when handling customer payment and personal data. While Canadian Tire has not disclosed the exact cause of the breach, the incident underscores the importance of robust encryption and monitoring for organizations managing sensitive information. The full extent of the impact remains under investigation.

Source: https://www.linkedin.com/feed/update/urn:li:activity:7432317892076982273

Canadian Tire TPRM report: https://www.rankiteo.com/company/canadian-tire

{
  "id": "can1772008034",
  "linkid": "canadian-tire",
  "type": "Breach",
  "date": "10/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '38 million unique email '
                                              'addresses',
                        'industry': 'Retail',
                        'location': 'Canada',
                        'name': 'Canadian Tire',
                        'type': 'Retail'}],
 'data_breach': {'data_encryption': 'PBKDF2-hashed passwords',
                 'number_of_records_exposed': '38 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Email addresses',
                                              'Names',
                                              'Phone numbers',
                                              'Physical addresses',
                                              'PBKDF2-hashed passwords',
                                              'Partial credit card details']},
 'description': 'In October, Canadian retail giant Canadian Tire experienced a '
                'significant data breach, compromising 38 million unique email '
                'addresses along with sensitive personal information. The '
                'exposed data included names, phone numbers, physical '
                'addresses, PBKDF2-hashed passwords, and partial credit card '
                'details, raising concerns about potential identity theft and '
                'fraud.',
 'impact': {'brand_reputation_impact': 'Potential brand reputation damage due '
                                       'to data breach',
            'data_compromised': '38 million unique email addresses, names, '
                                'phone numbers, physical addresses, '
                                'PBKDF2-hashed passwords, partial credit card '
                                'details',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'investigation_status': 'Under investigation',
 'lessons_learned': 'The breach highlights the ongoing vulnerability of large '
                    'retailers to cyber threats, particularly when handling '
                    'customer payment and personal data. It underscores the '
                    'importance of robust encryption and monitoring for '
                    'organizations managing sensitive information.',
 'references': [{'source': 'Have I Been Pwned (Troy Hunt)'}],
 'title': 'Canadian Tire Suffers Massive Data Breach Exposing 38 Million Email '
          'Addresses',
 'type': 'Data Breach'}