Canadian Tire Corporation Ltd., one of Canada’s largest retail groups, has disclosed a data breach that compromised the personal information of some customers who made purchases through its online platforms. The incident, discovered earlier this month, has raised fresh concerns about data security in the country’s growing e-commerce sector.
Breach Discovered in E-Commerce Database
According to the company, the breach was identified on October 2, involving a portion of data stored in its e-commerce database. This database supports transactions for Canadian Tire’s primary website and its other retail banners, including SportChek, Mark’s/L’Équipeur, and Party City.
The retailer confirmed that the compromised data included names, email addresses, residential addresses, and birth years. Additionally, encrypted passwords and, in limited cases, partial credit card numbers were also exposed. The company clarified that the available payment information was similar to what appears on a store receipt, meaning full credit card numbers and security codes were not accessible.
Limited Impact on Sensitive Data
Canadian Tire emphasized that the breach did not involve customer banking details, Canadian Tire Bank information, or data from the Triangle Rewards loyalty program. The company stated that the stolen information would not allow unauthorized users to access customer accounts or make purchases.
However, the company revealed that the full dates of birth for fewer than 150,000 customers were also part of the compromised data. Affected users are being directly notified and will receive complimentary credit monitoring services from TransUnion Canada as a precautionary measure.
Retailer Takes Immediate Security Measures
Following the discovery of the breach, Canadian Tire reported that it had identified and resolved the system vulnerability responsible for the unauthorized access. The company stated that it is collaborating with external cybersecurity experts to enhance its online defenses and prevent future incidents.
“All of our websites and systems continue to be closely monitored by both internal teams and external cybersecurity specialists,” the company said in a public statement. It further added that there is currently no indication of ongoing unauthorized activity.
The incident, according to Canadian Tire, has not affected in-store transactions or disrupted its online shopping services. Customers can continue to make purchases through both physical stores and e-commerce channels without interruption.
Company Advises Customers on Safe Practices
Canadian Tire has advised customers to remain cautious and follow cybersecurity best practices. Those who receive an email from TransUnion Canada on behalf of the retailer are encouraged to enroll in credit monitoring. Customers who do not receive such communication are not required to take additional action.
Nonetheless, the company reminded shoppers to use strong and unique passwords, avoid reusing credentials across multiple websites, and enable multi-factor authentication (MFA) wherever possible. It also urged customers to monitor their financial accounts and immediately contact their banks if they notice any suspicious activity.
“If you notice anything unusual, contact your financial institution and report any potential fraud to the police,” the company stated.
Rising Cybercrime Threat in Canada
The breach comes amid a noticeable surge in cybercrime across Canada. Statistics Canada reported that police-recorded cyber incidents reached 92,567 cases in 2024, compared to 65,141 in 2020 — a jump of more than 40 percent in just four years. Of these, fraud-related offenses accounted for over 46,000 cases, while identity theft and identity fraud made up several thousand more.
Experts warn that these figures may represent only a fraction of the real problem, as many victims choose not to report cyber incidents due to embarrassment or the belief that authorities may not be able to help.
Other Recent Cybersecurity Incidents
Canadian Tire’s disclosure follows a string of cybersecurity issues affecting major Canadian organizations over the past year. Nova Scotia Power, the College of New Caledonia in Prince George, B.C., and PowerSchool, a leading education software provider, have all faced cyber incidents that exposed sensitive data or disrupted operations.
Industry analysts note that as companies expand their digital services, they also become more vulnerable to sophisticated cyberattacks. With consumer trust and brand reputation on the line, proactive cybersecurity investments are becoming essential for all major corporations.
Commitment to Strengthening Security
Canadian Tire reaffirmed its commitment to data protection, saying it continues to enhance system security and invest in advanced cyber defense measures. The retailer expressed regret over the incident and pledged transparency with customers as it completes its investigation.
While the breach highlights the growing challenges of safeguarding personal data in the digital era, it also underscores the importance of vigilance — both for corporations and consumers. As online shopping continues to grow in popularity, maintaining strong cybersecurity frameworks will be critical to protecting consumer trust across Canada’s retail landscape.
Israeli minister Itamar Ben-Gvir faced global criticism after videos showed detained Gaza flotilla a
Foreign ministers from Quad nations convened in New Delhi to enhance cooperation on security and eco
North Korea fires ballistic missiles and other weapons, heightening regional military tensions amid
The UAE's participation in GLOBSEC Forum 2026 showcased its commitment to global partnerships in sec
