Luxury retail giants hit: Lacoste, Ralph Lauren, Canada Goose data allegedly exposed


It’s not the best year so far for retail giants. Lacoste, Ralph Lauren, Carter’s, and Canada Goose might have just been added to the hacker hit list, with breach claims circulating on underground forums.

A threat actor surfaced on a popular hacker forum, claiming to possess data belonging to some of the world’s most recognizable retail brands: Lacoste, Ralph Lauren, Canada Goose, and Carter's.

Along with the post, the threat actor shared a small batch of sample images, roughly three to four per brand. The Cybernews research team has gone through the files provided.

Some of these screenshots appear to include employee details such as full names and work email addresses. Others hint at possible customer data, though those portions were partially redacted by the actor before being posted.

The full extent of the alleged breach remains under wraps, but Cybernews has reached out to the brands for confirmation.

What data was allegedly stolen?

  • Full names and work email addresses of company staff
  • Screenshots showing email addresses and home addresses of customers
  • Internal metadata in the form of various numerical values and system-specific data points

On its own, the leaked numerical metadata does not reveal much private information and is not clearly tied to any specific brand. This makes it less useful to attackers without additional context.

What risks do the retail companies and customers face?

Leaking personally identifiable information (PII) of customers and employees puts them at risk of highly targeted phishing attacks. This could result in financial loss or an expanded attack surface through malware.

Attackers could impersonate internal staff to trick employees into handing over access to more sensitive systems, or pose as legitimate brands to deceive customers into sharing personal or financial details.

Post on the forum. Screenshot by Cybernews

How is such data potentially aggregated?

How does a single threat actor manage to snag data from four distinct global retailers simultaneously? The answer likely lies not in the brands themselves, but in a shared link between them.

The attacker states in the post that it is “supply chain data.” Cybernews researchers analyzed the technical fingerprints left behind in the samples, noting that the data structure was remarkably consistent across all four brands.

Data sample. Screenshot by Cybernews

“Generally, the format of this data repeats across different brands mentioned and their samples,” our researchers noted.

This points toward a supply chain attack, where a third-party service provider, likely one specializing in data management or retail logistics, was the true entry point.

“The data itself looks like it came from SQL server DBMS, because photo samples included specific SQL server-related metadata, such as row version numbers,” our research team explained.

Data sample. Screenshot by Cybernews

If a third-party provider was indeed the source, the question remains: how did the attackers get in?

“The company may have had some compromised employee accounts. It could've also had some system misconfigurations that led to unauthorized access to internal data without necessarily having any account credentials,” our researchers added.

Canada Goose previously targeted by ShinyHunters

In February, luxury winter clothing giant Canada Goose landed on ShinyHunters' hit list. The hackers posted over 600,000 records, including customer emails, phone numbers, partial payment card data, and shipping addresses.

Cybernews researchers analyzed samples and found duplicate entries, with most data dated between 2021 and 2023.

The company denied any breach of its systems. It remains unclear if the currently circulating data is in any way related to the data posted by ShinyHunters. The CoinbaseCartel gang has previously targeted Lacoste and Ralph Lauren.

Retail sector the target of cyberattacks

Organized hacker groups are systematically targeting the retail industry, and no tier is safe. Retailers from ultra-luxury brands to budget sportswear have been hit over the past year.

In January this year, the World Leaks ransomware gang claimed Nike. It leaked a staggering 1.4TB of data, including garment designs, material specs, retail prices, factory audits, and product timelines spanning 2020 to 2026.

After US sportswear brand Under Armour allegedly ignored a ransom demand from the November 2025 breach, a threat actor dumped a 19.5GB dataset containing 72.7 million customer and employee email addresses on an illicit marketplace.

One of the most jaw-dropping retail breaches occurred in 2025, when Kering, the parent of Gucci, Balenciaga, and Alexander McQueen, confirmed a massive breach by ShinyHunters. The gang claimed to have stolen 7.4 million files of customer data dating back to an initial intrusion in April 2025.

