ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Canadian Tire Data Breach

canadiantire.ca
Major exposure
Verified breach Passwords exposed
Accounts exposed 38,306,562
Breach date 02 Oct 2025
Added to tracker 25 Feb 2026
Data classes 8

What happened

In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice, Canadian Tire advised that the incident did not impact bank account information or loyalty program data.

Exposed data

Dates of birth Email addresses Genders Names Partial credit card data Passwords Phone numbers Physical addresses

Recommended actions

  • Change your Canadian Tire password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Canadian Tire โ€” attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP