Canada Goose investigating as hackers leak 600K customer records
Source: Bleeping Computer

Canada Goose sees no evidence of breach
“Canada Goose is aware that a historical dataset relating to past customer transactions has recently been published online,” the company told BleepingComputer.
“At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released dataset to assess its accuracy and scope and will take any further steps as may be appropriate. To be clear, our review shows no evidence that unmasked financial data was involved. Canada Goose remains committed to protecting customer information.”

1.67 GB dataset contains detailed order records
ShinyHunters added Canada Goose to its data leak site this week, claiming the archive contains more than 600,000 customer records.

ShinyHunters data leak site listing Canada Goose and 600K records (BleepingComputer)
Samples reviewed by BleepingComputer show that the 1.67 GB dataset, released in JSON format, contains detailed e‑commerce order records, including:
- Customer names, email addresses, phone numbers
- Billing and shipping addresses
- IP addresses, device and browser information
- Order histories and order values
The data also includes partial payment card information such as card brand, the last four digits of card numbers, and in some cases the first six digits (BIN) along with payment‑authorization metadata. While full card numbers are not present, the exposed information could still be used for targeted phishing, social engineering, and fraud.

Hackers deny link to recent SSO attacks
ShinyHunters has recently been linked to a wave of social‑engineering attacks targeting single sign‑on (SSO) accounts and cloud environments.
When asked whether the Canada Goose data was obtained through those intrusions, the group told BleepingComputer the dataset was unrelated, claiming it originated from a third‑party payment processor breach and dates back to August 2025. BleepingComputer has not independently verified the claim.
The dataset’s schema, with field names such as checkout_id, shipping_lines, cart_token, and cancel_reason, closely resembles e‑commerce checkout exports commonly associated with hosted storefront and payment‑processing platforms, which may help explain how the data could have originated from a third‑party service provider.

Who is ShinyHunters?
ShinyHunters is a prolific data‑extortion group known for stealing and leaking large volumes of customer data from major brands and online services. The group has been linked to numerous high‑profile breaches and data‑theft incidents in recent years, often targeting e‑commerce platforms, SaaS services, and cloud environments.
In recent reporting, security researchers have tied the group to vishing and social‑engineering campaigns used to gain access to corporate accounts and cloud data. Stolen data is typically used for extortion, sold on underground forums, or published on the group’s leak site when victims refuse to pay.
It is not yet known how many Canada Goose customers may be affected or whether individuals will be notified. The company says it is continuing to review the dataset to determine its accuracy and scope.