Toys "R" Us Canada

Hackers breached Toys "R" Us Canada’s systems and leaked a subset of customer records, exposing names, postal addresses, email addresses, and phone numbers. While no passwords, credit card details, or highly sensitive financial data were compromised, the leaked information poses significant risks for phishing, identity theft, and fraud. The company detected the breach after hackers posted about it on the dark web and responded by hiring a third-party cybersecurity firm for forensic analysis. Enhanced security measures were implemented to prevent future incidents, though the attack method and perpetrators remain unidentified. Authorities were notified, and affected customers were advised to remain vigilant against potential scams. There is currently no evidence of data misuse, but the exposure of valid personal details increases the likelihood of targeted social engineering attacks.

Source: https://www.techradar.com/pro/security/toys-r-us-customer-data-swiped-and-leaked-online-heres-what-we-know

TPRM report: https://www.rankiteo.com/company/toys'r'us-canada

"id": "toy1092310102425",
"linkid": "toys'r'us-canada",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'subset of customer records '
                                              '(exact number undisclosed)',
                        'industry': 'toys and consumer goods',
                        'location': 'Canada',
                        'name': 'Toys "R" Us Canada',
                        'type': 'retail'}],
 'customer_advisories': ['Warning about phishing and identity theft risks',
                         'Guidance to avoid unsolicited requests for '
                         'information',
                         'Instructions to report suspicious activity'],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 'subset (exact number '
                                              'undisclosed)',
                 'personally_identifiable_information': ['names',
                                                         'postal addresses',
                                                         'email addresses',
                                                         'phone numbers'],
                 'sensitivity_of_data': 'moderate (names, addresses, emails, '
                                        'phone numbers; no passwords or '
                                        'financial data)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)']},
 'description': 'Cybercriminals stole and leaked Toys "R" Us Canada’s customer '
                'information, exposing names, postal addresses, email '
                'addresses, and phone numbers. The incident poses risks of '
                'phishing, identity theft, and fraud. The company has notified '
                'affected customers, hired third-party cybersecurity experts '
                'for forensic analysis, and implemented enhanced security '
                'measures. No passwords, credit card details, or other highly '
                'sensitive data were compromised, but the leaked data remains '
                'valuable for malicious activities like spoofing and scams.',
 'impact': {'brand_reputation_impact': 'high (risk of phishing, identity '
                                       'theft, and loss of customer trust)',
            'data_compromised': ['names',
                                 'postal addresses',
                                 'email addresses',
                                 'phone numbers'],
            'identity_theft_risk': 'high',
            'payment_information_risk': 'none (no credit card details or '
                                        'passwords exposed)'},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['customer database']},
 'investigation_status': 'ongoing (forensic analysis conducted by third-party '
                         'cybersecurity firm)',
 'motivation': ['financial gain', 'data exploitation', 'fraud'],
 'post_incident_analysis': {'corrective_actions': ['enhanced security measures '
                                                   'implemented']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Customers advised to stay vigilant against phishing and '
                     'spoofing attempts',
                     'Avoid responding to unsolicited requests for information',
                     'Do not click on links or attachments from suspicious '
                     'emails',
                     'Monitor for signs of identity theft or fraud'],
 'references': [{'source': 'BleepingComputer'},
                {'source': 'TechRadar', 'url': 'https://www.techradar.com'}],
 'regulatory_compliance': {'regulatory_notifications': ['relevant authorities '
                                                        'notified (specific '
                                                        'regulators '
                                                        'undisclosed)']},
 'response': {'communication_strategy': ['notified affected customers via '
                                         'letter',
                                         'advised customers to stay vigilant '
                                         'against phishing and spoofing '
                                         'attempts',
                                         'public disclosure via social media'],
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['enhanced security measures '
                                       'implemented'],
              'third_party_assistance': ['hired third-party cybersecurity '
                                         'company for forensic analysis and '
                                         'assessment']},
 'stakeholder_advisories': ['customers notified via letter',
                            'public disclosure on social media'],
 'title': 'Toys "R" Us Canada Customer Data Leak',
 'type': ['data breach', 'unauthorized data access', 'data leak']}