Canada Goose says an advertised breach of 600,000 records is an old raid and there are no signs of a recent compromise.
The down-filled jacket purveyor did not answer questions about how old the data is or how it was originally taken, but told us it relates to past customer purcahses.
“Canada Goose is aware that a historical dataset relating to past customer transactions has recently been published online,” a spokesperson said. “At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released dataset to assess its accuracy and scope, and will take any further steps as may be appropriate.”
“To be clear, our review shows no evidence that unmasked financial data was involved. Canada Goose remains committed to protecting customer information.”
ShinyHunters posted the company’s data for download on February 14 via their leak site. The criminals’ advert for the data claimed there were more than 600,000 records, each containing personally identifiable information, as well as payment/financial details.
The Register reviewed a number of the records available online via a JSON file, and ShinyHunters’ description of the data appears accurate.
It includes names and other usual PII data points, as well as partial payment information and order details, such as price and delivery address.
A cursory scan suggests affected individuals appear to be based across North America and Europe.
New year, new me
ShinyHunters has had a busy start to 2026: the cybercriminals now have their own data leak site, and have posted a number of high-profile victims this year alone.
Crunchbase and Betterment, two examples of these scalps, were raided as part of the group’s targeting of Okta accounts through voice phishing.
Among the other victims are SoundCloud, Match Group, Panera Bread, Harvard University, and wealth management firm Mercer Advisors.
Last year, the criminal crew was linked to attacks on Salesforce, which led to the theft of data belonging to more than 200 of the company’s customers, as well as SalesLoft Drift, a Salesforce integration that compromised various Salesforce instances. ®