Canada Goose Investigates Customer Data Exposure After ShinyHunters Leak
Canada Goose is probing a potential data exposure affecting over 600,000 customers after the hacking group ShinyHunters published a 1.67GB dataset allegedly tied to the company. The leaked records, which surfaced on the group’s leak site, include names, email addresses, phone numbers, billing and shipping details, order history, and partial payment card data (such as card type and last four digits). The compromised data appears to date back to August 2025 and primarily involves customers in North America and Europe.
ShinyHunters claims the breach originated from a third-party payment processor, not Canada Goose’s internal systems. The company has acknowledged the incident but stated it has found no evidence of a direct breach within its own environment. While the leaked data does not include full payment card numbers, Canada Goose confirmed that no unmasked financial information was exposed. The investigation remains ongoing, and the company has not yet determined the total number of affected customers or whether formal notifications will be issued.
Despite the lack of full financial details, the exposure poses significant risks. The combination of personal and transactional data such as order history and shipping addresses could enable highly targeted phishing and social engineering attacks. Attackers may use this information to craft convincing scams, particularly against high-value or repeat customers, increasing the potential for fraud and brand distrust.
The incident underscores the challenges companies face in managing third-party security risks. Even when a breach occurs outside their direct systems, customers often hold brands accountable for data protection. Clear communication and proactive support will be critical in mitigating reputational damage as the investigation continues.
ShinyHunters TPRM report: https://www.rankiteo.com/company/underdark-ai
"id": "und1771339192",
"linkid": "underdark-ai",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Over 600,000',
'industry': 'Apparel',
'location': 'Canada',
'name': 'Canada Goose',
'type': 'Retailer'}],
'attack_vector': 'Third-party compromise',
'customer_advisories': 'Acknowledged incident, investigation ongoing, no '
'formal notifications issued yet',
'data_breach': {'data_exfiltration': 'Yes (published by ShinyHunters)',
'number_of_records_exposed': 'Over 600,000',
'personally_identifiable_information': 'Names, email '
'addresses, phone '
'numbers, billing and '
'shipping details',
'sensitivity_of_data': 'High (PII and transactional data)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Payment data (partial)',
'Order history',
'Billing and shipping details']},
'description': 'Canada Goose is probing a potential data exposure affecting '
'over 600,000 customers after the hacking group ShinyHunters '
'published a 1.67GB dataset allegedly tied to the company. The '
'leaked records include names, email addresses, phone numbers, '
'billing and shipping details, order history, and partial '
'payment card data (such as card type and last four digits). '
'The compromised data appears to date back to August 2025 and '
'primarily involves customers in North America and Europe. '
'ShinyHunters claims the breach originated from a third-party '
'payment processor, not Canada Goose’s internal systems. The '
'company has acknowledged the incident but stated it has found '
'no evidence of a direct breach within its own environment.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'customer data exposure',
'data_compromised': 'Names, email addresses, phone numbers, '
'billing and shipping details, order history, '
'partial payment card data (card type and last '
'four digits)',
'identity_theft_risk': 'High (due to combination of personal and '
'transactional data enabling '
'phishing/social engineering attacks)',
'payment_information_risk': 'Low (only partial payment card data '
'exposed)',
'systems_affected': 'Third-party payment processor'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Challenges in managing third-party security risks; '
'customers hold brands accountable for data protection '
'even when breaches occur outside direct systems',
'motivation': 'Data exfiltration for potential financial gain or sale on dark '
'web',
'post_incident_analysis': {'root_causes': 'Third-party payment processor '
'compromise'},
'ransomware': {'data_exfiltration': 'Yes'},
'recommendations': 'Proactive communication and support to mitigate '
'reputational damage; enhanced third-party vendor security '
'assessments',
'references': [{'source': 'Cyber Incident Description'}],
'response': {'communication_strategy': 'Acknowledged incident, ongoing '
'investigation, no formal '
'notifications issued yet'},
'threat_actor': 'ShinyHunters',
'title': 'Canada Goose Investigates Customer Data Exposure After ShinyHunters '
'Leak',
'type': 'Data Breach'}