Toys "R" Us experienced a cybersecurity incident where an unauthorized party accessed a database containing customers’ personal information. The investigation, initiated after online claims of stolen data, confirmed that some records including names, addresses, email addresses, and phone numbers were copied. While no passwords or credit card details were compromised, the company acknowledged the risk of potential misuse, though no evidence of fraudulent activity has been detected yet. Customers were advised to remain vigilant against phishing attempts, such as suspicious emails or texts impersonating Toys "R" Us. The company stated it had robust IT protections in place but has since enhanced security measures to mitigate future risks. The breach highlights vulnerabilities in customer data protection, though the immediate financial or operational impact appears limited to reputational concerns and proactive customer notifications.
TPRM report: https://www.rankiteo.com/company/toysrus
"id": "toy54102454102525",
"linkid": "toysrus",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unspecified (subset of customer '
'database)',
'industry': 'Toys and Consumer Goods',
'location': 'Canada (primary advisory contact: '
'customerservice@toysrus.ca)',
'name': 'Toys "R" Us',
'type': 'Retail'}],
'customer_advisories': 'Emails sent to affected customers with guidance on '
'phishing risks and contact information for inquiries.',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': ['Names',
'Addresses',
'Email addresses',
'Phone numbers'],
'sensitivity_of_data': 'Moderate (no financial or password '
'data)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)']},
'date_detected': 'Summer 2023 (exact date unspecified)',
'description': 'Toys "R" Us disclosed a cybersecurity incident where a '
'database containing customers’ personal information was '
'accessed. The investigation revealed that some records, '
'including names, addresses, email addresses, and phone '
'numbers, were copied. No passwords or credit card information '
'were compromised. Customers were advised to remain vigilant '
'for phishing attempts.',
'impact': {'brand_reputation_impact': 'Potential (advisory issued to '
'customers)',
'data_compromised': ['Names',
'Addresses',
'Email addresses',
'Phone numbers'],
'identity_theft_risk': 'Low (no evidence of fraudulent use '
'reported)',
'payment_information_risk': 'None (no credit card information '
'accessed)',
'systems_affected': ['Customer database']},
'initial_access_broker': {'data_sold_on_dark_web': 'Claimed online '
'(unverified)',
'high_value_targets': ['Customer database']},
'investigation_status': 'Completed (third-party investigator hired; no '
'ongoing fraud detected)',
'post_incident_analysis': {'corrective_actions': ['Enhanced security measures '
'across IT systems']},
'recommendations': ['Customers advised to be vigilant for phishing attempts '
'(e.g., suspicious emails/texts with typos, formatting '
'issues, or unsolicited offers).',
'Customers instructed not to click links or download '
'attachments from suspicious sources.',
'Report unexpected communications to Toys "R" Us customer '
'service.'],
'references': [{'source': 'CTV News Montreal'}],
'response': {'communication_strategy': 'Customer advisory issued via email; '
'dedicated customer service contact '
'provided (customerservice@toysrus.ca)',
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'remediation_measures': 'Enhanced security measures implemented',
'third_party_assistance': True},
'stakeholder_advisories': 'Customer advisory issued',
'title': 'Toys "R" Us Customer Database Cybersecurity Incident',
'type': 'Data Breach'}