Canadian Tire Corporation E-Commerce database breached, exposing customer information
Learn More
Canadian Tire Corporation (CTC) reports a data breach affecting customers who have e-commerce accounts with the company and its subsidiary retail brands.
On October 2, 2025, the company detected unauthorized activity targeting an e-commerce database containing customer information from Canadian Tire, SportChek, Mark's/L'Équipeur, and Party City online shopping platforms.
Exposed data includes:
- Names
- Addresses
- Email addresses
- Year of birth
- Encrypted passwords
- Truncated (incomplete) credit card numbers in some cases
- Full dates of birth (fewer than 150,000 accounts)
The nature of the attack and the total number of affected customers has not been disclosed. Canadian Tire confirmed that fewer than 150,000 account holders had their complete dates of birth exposed in addition to the other personal information.
The company claims that the incident was confined to the e-commerce database and did not extend to other platforms. Company officials emphasized that in-store transaction systems are not affected the breach, and the e-commerce platforms continue operating normally.
CTC has identified the individual account holders whose full dates of birth were compromised, will contact them directly and is offering complimentary credit monitoring services. The incident has been reported to applicable privacy regulators.
Update - as of 25th of February 2025, Have I Been Pwned added records from this Breach and reports that about 42 million records were exposed, including 38.3 million email addresses.
Per the HIBP report, that compromised data includes:
- Dates of birth
- Email addresses
- Genders
- Names
- Partial credit card data
- Passwords
- Phone numbers
- Physical addresses
