Canada Goose 2025 Data Breach

Canada Goose Premium Outerwear Brand Breach (2025): 582K Customer Records Including Partial Credit Card Data & Purchase History Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

ShinyHunters (via third-party August 2025 incident)RetailCredit CardDevice InformationEmail AddressFull NameIP AddressPhone NumberPhysical AddressTransaction History
High SeverityWebsite / service breach

Canada Goose Premium Outerwear Brand Breach (2025): 582K Customer Records Including Partial Credit Card Data & Purchase History Exposed

Outerwear and luxury apparel brand.

Verified by ObscureIQ Intelligence
79/100Breach Risk Index
15Data Value
80Market Recency
69dSince Breach

Breach Intelligence Summary

Entity: Canada Goose · Actor: ShinyHunters (via third-party August 2025 incident) · Sources: 3 references
Attack: Unknown
Profile: Company · Apparel manufacturing and retail · Premium outerwear brand · Global
Timeline: Breach (2025-07-04) · Indexed (Feb 17, 2026) · Year (2025)
Exposure: 582K records · 8 fields: Credit Card, Device Information, Email Address, Full Name, IP Address, Phone Number, Physical Address, Transaction History
Status: Confirmed

Executive Summary

A dataset of around 600,000 Canada Goose customer records appeared in February 2026 on the leak site of the data-extortion group ShinyHunters. The archive, distributed as a 1.67 GB JSON file, contained roughly 920,000 lines of order and refund data covering names, email addresses, phone numbers, billing and shipping addresses, IP addresses, device and browser details, order histories, and partial payment card information.\n\nThe partial card data included card brand, the last four digits, and in some cases the first six digits or BIN. Full card numbers were not present. Canada Goose stated publicly that it had found no evidence of a breach of its own systems and that the data appears to have come from a third-party payment processor that handled past customer transactions. ShinyHunters attributed the underlying compromise to an August 2025 incident at that third party. Independent researchers noted that much of the data appeared to date from 2021 to 2023, raising the possibility that ShinyHunters republished older material.\n\nFor affected customers, the practical risk is targeted phishing and order-related fraud rather than direct payment compromise. Scams referencing real past orders, shipping addresses, or partial card details are now plausible. Affluent customers should be alert to messages claiming order issues or refund offers and should verify any such contact through the canadagoose.com customer service channel rather than through links in unsolicited messages.

ObscureIQ assessment: Exposure enables phishing, order fraud, delivery impersonation, and affluent-customer targeting. Premium-brand purchase data can also signal higher-value households.

Breach Impact

Direct institutional cost to Canada Goose has so far been modest because the company has positioned the incident as a third-party payment-processor breach rather than a compromise of its own systems. There have been no public regulatory penalties, settlements, or customer-notification programs as of early 2026. The principal exposures are reputational and operational. The brand's high-net-worth customer base is unusually attractive for fraudsters, which raises pressure on customer-experience and trust-and-safety teams. The third-party angle also shifts attention to vendor-management practices, an area public scrutiny tends to revisit when data first surfaces and again at any litigation stage.

About Canada Goose

Canada Goose is a Toronto-based outerwear and luxury apparel company best known for performance-focused parkas and winter clothing. Founded in 1957, the brand sells through company-owned retail stores, wholesale partners, and a direct-to-consumer e-commerce channel that ships globally. The company is publicly traded and reported roughly $1 billion in annual revenue in fiscal 2025, with a workforce of nearly 5,000. Its customer base is concentrated in higher-income North American and European households, reflecting the price point of the core product line.

Why They Hold Your Data

Premium apparel brands collect customer identity, contact details, addresses, order history, loyalty or clienteling records, and payment-adjacent data across retail and e-commerce operations.

Recent Developments

In February 2026, the data extortion group ShinyHunters published a dataset of more than 600,000 Canada Goose customer records on its dark-web leak site. Canada Goose responded publicly, stating that it had no indication of a breach of its own systems and that the data appears to relate to past customer transactions handled by a third party. The company says its review found no evidence that unmasked financial data was exposed. As of early 2026, the investigation is ongoing, no formal customer notifications have been confirmed, and no regulatory action has been publicly announced.

Data Points Exposed

8 verified field types
Credit Card Critical
Device Information
Email Address
Full Name High
IP Address
Phone Number
Physical Address High
Transaction History High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Financial fraud using exposed financial profile data
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Card-present & card-not-present fraud
  • Card identification & social engineering
  • Device fingerprinting & targeted exploitation
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Geolocation & account flagging
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: ShinyHunters (via third-party August 2025 incident)

ShinyHunters (via third-party August 2025 incident)
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Canada Goose breach?

A dataset of around 600,000 Canada Goose customer records appeared in February 2026 on the leak site of the data-extortion group ShinyHunters. The archive, distributed as a 1.67 GB JSON file, contained roughly 920,000 lines of order and refund data covering names, email addresses, phone numbers,…

What data was exposed?

Verified fields include Credit Card, Device Information, Email Address, Full Name, IP Address, Phone Number, Physical Address, Transaction History.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation