Hackers claim Canada Goose breach but researchers reveal data is “several years old”

Published: 17 February 2026
Last updated: 18 February 2026
Canada Goose allegedly suffers a data breach
Image by Cybernews.

Canada Goose, a major luxury winter clothing maker, has been targeted by hackers. The company’s data was shared on a popular data-leak forum, but Cybernews researchers believe it is several years old. The company denies it suffered a data breach.

Key takeaways:
  • Attackers claim a Canada Goose breach exposed over 600k records, including emails, phone numbers, and partial payment data.
  • Cybernews researchers analyzed samples and found duplicate entries, with most data dated between 2021 and 2023.
  • Years-old PII can still enable phishing, identity theft, and fraud, though risks are tempered because details are not entirely new.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.

Prominent data-leak gang ShinyHunters posted about Canada Goose on its dark web forum, suggesting the luxury brand had suffered a data breach. The attackers claimed that the data breach exposed over 600k records containing sensitive customer data.

ADVERTISEMENT

Additionally, claims about the company’s data were posted on another popular data-leak forum. According to this data leak forum post, 583k unique users were exposed in the attack. Since one user typically has several records, attackers on the data-leak forum suggest the alleged data breach may have been far greater.

The company denied it suffered a data breach, yet admitted it is aware of attacker claims.

“Canada Goose is aware that a historical dataset relating to past customer transactions has recently been published online. At this time, we have no indication of any breach of our own systems,” the company explained in a statement.

“We are currently reviewing the newly released dataset to assess its accuracy and scope and will take any further steps as may be appropriate. To be clear, our review shows no evidence that unmasked financial data was involved. Canada Goose remains committed to protecting customer information.”

Headquartered in Toronto, Canada Goose is a major winter clothing manufacturer with 2025 revenue estimated at around $1 billion, and a staff of nearly 5,000.

Canada Goose data breach
Attacker post on a data leak forum. Image by Cybernews.

What Canada Goose data attackers claim to have?

Meanwhile, our team investigated data samples that the attackers attached to their posts on the dark web forum and the data leak forum. According to our researchers, both posts appear to contain the same data. The information allegedly stolen from Canada Goose includes personally identifiable information (PII) such as:

ADVERTISEMENT
  • User emails
  • Phone numbers
  • Last four digits of payment cards
  • Phone numbers
  • Shipping addresses
  • Details on bought items

Our researchers claim that the data the attackers provided contains 920k lines of orders and refund data.

However, our team noticed some duplicates in the dataset, with most of the information dating back to 2021-2023. At the same time, attackers claim they breached Canada Goose in February 2026, suggesting they accessed old databases or are not entirely truthful.

However, even old data can become a privacy headache for individuals whose details were exposed. According to our team, the most pressing risks involve fraud, identity theft, and phishing.

For one, attackers could exploit the leaked data to craft convincing phishing emails that reference specific purchases to trick victims into revealing full credit card numbers. However, this line of attack is somewhat limited by the fact that the exposed details are not entirely new.

Canda Goose data breach
Sample of the allegedly leaked data. Image by Cybernews.

Who are the attacker group ShinyHunters?

Recently, ShinyHunters have attempted to extort numerous well-known brands. The recent spree started after the attacker collective stole sign-on (SSO) credentials for various Okta, Microsoft, and Google accounts.

Last month, the gang claimed access to details stolen from OkCupid, Hinge, and Match, all owned by Match Group. The attackers supposedly stole over 10 million records belonging to the company.

The gang has also targeted the private company intelligence platform Crunchbase. According to the company, the threat actor exfiltrated “certain documents” from its corporate network.

ADVERTISEMENT
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

According to Google Threat Intelligence Group (GTIG), a wave of recent ShinyHunters cyberattacks relies on sophisticated voice phishing – phone calls that trick employees into visiting malicious credential harvesting sites and grant access.

The group was first reported in 2019 and has targeted numerous companies since its inception. The gang’s name likely derives from Shiny Pokémon, a feature of the Pokémon video game franchise. A dark-coloured Pokémon is seen on the gang’s dark web forum as well.

Updated on February 17th [03:10 p.m. GMT] with a statement from Canada Goose.

Unlock exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Meta has quietly shipped the technology needed for facial recognition glasses
Hackers getting an easy ride: misconfigured cloud settings behind growing number of data breaches
Anthropic claims AI is too fast and needs to hit the brakes: let’s take it with a pinch of salt
US lawmakers push new bill on AI safety, state law limits, worker protections
Pewdiepie declares war on big tech following the release of his free and local AI workspace
California tech CEO busted for selling forbidden US technology to Iran’s nuclear agency
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked