ransomware🌐InternationalBleepingComputer
Canada Goose Customer Data Leaked by ShinyHunters
Monday, February 16, 2026
What
The ShinyHunters data extortion group published a 1.67 GB dataset of over 600,000 Canada Goose customer records. This incident is significant as the exposed information, including names, emails, addresses, and partial payment details, could be used for targeted phishing, social engineering, and fraud.
Where
Canada Goose customers are affected. The data likely originated from a third-party payment processor used by Canada Goose.
When
Disclosed February 15, 2026. The leaked data reportedly dates back to August 2025.
Key Factors
- •The leaked dataset includes personally identifiable information (PII) and partial payment card details, but notably excludes full payment card numbers.
- •Canada Goose asserts no breach of its internal systems, suggesting the data originated from a historical third-party payment processor compromise.
- •The data's schema, resembling e-commerce checkout exports, supports the claim of a third-party service provider origin.
Takeaways
- →Customers should remain vigilant against phishing and social engineering attempts leveraging their exposed personal and purchase history information.
- →Organizations must thoroughly vet and secure third-party vendors and payment processors to prevent data breaches originating outside their direct infrastructure.
Read Full Article
Opens original article on BleepingComputer
