ShinyHunters Dumps 600K+ Canada Goose Customer Records on

600K Customer Records Posted to Dark Web

On February 14, the notorious data extortion group ShinyHunters posted 1.67 GB of data allegedly stolen from luxury outerwear brand Canada Goose on its Tor leak site. The dump contains over 600,000 customer records spanning multiple years of transactions.

Canada Goose denies a direct breach of its own systems, stating the dataset appears to relate to a third-party payment processor compromise dating back to August 2025.

What Was Leaked

Data Type	Details
Personal Information	Full names, email addresses, physical addresses
Payment Data	Last four digits of cards, BIN numbers (not full card numbers)
Device/Browser Info	User agent strings, device types, IP addresses
Purchase History	Transaction amounts, dates, product details
Account Data	Customer IDs, loyalty program information

Scope

600,000+ unique customer records
1.67 GB total dump size
Data spans 2023-2025 transaction period
Primarily North American customers

ShinyHunters: Track Record

ShinyHunters is one of the most prolific data extortion groups operating today, known for targeting retail and technology companies:

Year	Target	Records
2024	Ticketmaster	560M
2024	AT&T	73M
2025	Hot Topic	350M
2026	Canada Goose	600K+

The group typically monetizes stolen data through direct sales on dark web marketplaces or by extorting victims for ransom payments to prevent public release.

Canada Goose's Response

Canada Goose issued a statement saying:

"We are aware of the claims and are investigating. Our preliminary assessment indicates the data does not originate from a direct breach of Canada Goose systems. The dataset appears to relate to past transactions processed through a third-party provider."

The company has engaged forensic investigators and notified relevant privacy authorities in Canada and the United States.

What Affected Customers Should Do

Monitor financial statements for unauthorized charges, especially on cards used at Canada Goose
Change passwords on Canada Goose accounts and any sites sharing the same credentials
Enable credit monitoring through services like TransUnion or Equifax
Watch for phishing — Exposed data makes targeted phishing highly likely
Consider a credit freeze if concerned about identity theft

Broader Implications

This breach highlights the growing risk of third-party supply chain compromises in retail. Even when a brand's own systems remain secure, data can be exposed through:

Payment processors
Logistics and shipping providers
Marketing and analytics platforms
Customer support platforms

Organizations should maintain data processing inventories and require breach notification clauses in all vendor contracts.

Sources

600K Customer Records Posted to Dark Web

Canada Goose denies a direct breach of its own systems, stating the dataset appears to relate to a third-party payment processor compromise dating back to August 2025.

What Was Leaked

Data Type	Details
Personal Information	Full names, email addresses, physical addresses
Payment Data	Last four digits of cards, BIN numbers (not full card numbers)
Device/Browser Info	User agent strings, device types, IP addresses
Purchase History	Transaction amounts, dates, product details
Account Data	Customer IDs, loyalty program information

Scope

600,000+ unique customer records
1.67 GB total dump size
Data spans 2023-2025 transaction period
Primarily North American customers

ShinyHunters: Track Record

ShinyHunters is one of the most prolific data extortion groups operating today, known for targeting retail and technology companies:

Year	Target	Records
2024	Ticketmaster	560M
2024	AT&T	73M
2025	Hot Topic	350M
2026	Canada Goose	600K+

The group typically monetizes stolen data through direct sales on dark web marketplaces or by extorting victims for ransom payments to prevent public release.

Canada Goose's Response

Canada Goose issued a statement saying:

"We are aware of the claims and are investigating. Our preliminary assessment indicates the data does not originate from a direct breach of Canada Goose systems. The dataset appears to relate to past transactions processed through a third-party provider."

The company has engaged forensic investigators and notified relevant privacy authorities in Canada and the United States.

What Affected Customers Should Do

Monitor financial statements for unauthorized charges, especially on cards used at Canada Goose
Change passwords on Canada Goose accounts and any sites sharing the same credentials
Enable credit monitoring through services like TransUnion or Equifax
Watch for phishing — Exposed data makes targeted phishing highly likely
Consider a credit freeze if concerned about identity theft

Broader Implications

This breach highlights the growing risk of third-party supply chain compromises in retail. Even when a brand's own systems remain secure, data can be exposed through:

Payment processors
Logistics and shipping providers
Marketing and analytics platforms
Customer support platforms

Organizations should maintain data processing inventories and require breach notification clauses in all vendor contracts.

ShinyHunters Dumps 600K+ Canada Goose Customer Records on

600K Customer Records Posted to Dark Web

What Was Leaked

Scope

ShinyHunters: Track Record

Canada Goose's Response

What Affected Customers Should Do

Broader Implications

Sources

Russia Detains Alleged Admin of LeakBase Cybercrime Forum Weeks After Global Crackdown

Telus Digital Confirms Massive Breach After ShinyHunters

AT&T Breach Data Resurfaces: 176 Million Records with Fully

ShinyHunters Dumps 600K+ Canada Goose Customer Records on

600K Customer Records Posted to Dark Web

What Was Leaked

Scope

ShinyHunters: Track Record

Canada Goose's Response

What Affected Customers Should Do

Broader Implications

Sources

Russia Detains Alleged Admin of LeakBase Cybercrime Forum Weeks After Global Crackdown

Telus Digital Confirms Massive Breach After ShinyHunters

AT&T Breach Data Resurfaces: 176 Million Records with Fully