ShellCodeX Breach Report
Canadian Tire Data Breach
canadiantire.ca
Verified breach
Passwords exposed
Accounts exposed
38,306,562
Breach date
02 Oct 2025
Added to tracker
25 Feb 2026
Data classes
8
What happened
In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice, Canadian Tire advised that the incident did not impact bank account information or loyalty program data.
Exposed data
Dates of birth
Email addresses
Genders
Names
Partial credit card data
Passwords
Phone numbers
Physical addresses
Recommended actions
- Change your Canadian Tire password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Canadian Tire โ attackers weaponise breach data quickly.
- Monitor your bank and card statements closely and consider requesting a card replacement.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP