Toys R Us Canada Customer Data Breach and Online Leak
Toys R Us Canada notified customers that attackers accessed their customer database, stole personal information, and subsequently posted the data online. The breach was discovered on July 30, 2025, after threat actors claimed to have published the stolen data on the unindexed internet. The compromised information includes names, addresses, phone numbers, and email addresses, but does not include passwords, credit card details, or other highly confidential data. The company engaged third-party cybersecurity experts to investigate and contain the incident and is in the process of reporting the breach to Canadian privacy authorities.
Customers have been advised to remain vigilant against phishing attempts and unsolicited communications that may impersonate Toys R Us. While the company has upgraded its IT security systems following the breach, it has not offered free identity or fraud monitoring services to affected individuals. The total number of impacted customers has not been disclosed, but the incident highlights the risks of identity fraud, phishing, and other malicious activities that can result from the exposure of personal information online.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Stolen Toys “R” Us Canada customer data is dumped online
Attackers published the stolen customer data online, escalating the incident from a breach to a public data leak. This online exposure was highlighted in subsequent coverage of the breach.
Toys “R” Us Canada notifies customers of leaked personal information
The company warned customers that their personal information had been compromised in the breach. Multiple outlets reported customer notifications and public disclosure of the incident.
Toys “R” Us Canada suffers customer data breach
Toys “R” Us Canada experienced a data breach affecting customer personal information. Reporting indicates attackers stole customer data and later exposed it online.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Toys “R” Us Canada customers notified of breach of personal information
databreaches.net
Open sourceData breach impacts Toys “R” Us Canada customers
scworld.com
Open sourcePlaytime’s over: Crooks swipe Toys R Us Canada customer data and dump it online
go.theregister.com
Open sourceToys “R” Us Canada affected by data breach hitting personal data
mobilesyrup.com
Open sourceToys “R” Us Canada warns customers' info leaked in data breach
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Canadian Tire E-commerce Database Breach Exposes Data for Over 38 Million Accounts
**Canadian Tire Corporation** disclosed a major breach of its **e-commerce customer database** after identifying unauthorized access on **October 2, 2025**, exposing personal data tied to **38+ million customer accounts**. Exposed data included names, physical addresses, email addresses, year of birth (and for **<150,000** accounts, full dates of birth), and **encrypted passwords**; some records also contained **truncated payment card numbers**. The company stated the exposed financial data could not be used to conduct transactions, and reported **no impact** to in-store systems, *Canadian Tire Bank*, or *Triangle Rewards*. Canadian Tire reported it **remediated the underlying issue**, notified regulators, and planned customer notifications and **credit monitoring**. *Have I Been Pwned* added the incident to its corpus, reporting roughly **42 million records** (including **~38.3 million email addresses**) and indicating the dataset includes **PBKDF2 password hashes** along with additional fields such as phone numbers and gender, increasing the likelihood of credential-stuffing and identity-fraud follow-on activity.
Mar 27, 2026
Loblaw Customer Data Breach via Compromised IT Network Segment
**Loblaw Companies Limited** disclosed that attackers gained unauthorized access to a contained, non-critical portion of its IT network and exfiltrated basic customer information. The company said the exposed data includes **names, phone numbers, and email addresses**, while its investigation has so far found no evidence that **passwords, payment card data, health or pharmacy records, or PC Financial systems** were compromised. Loblaw said it detected suspicious activity, contained the affected environment, and launched an investigation into the intrusion. Reporting on the incident indicates the breach affected customer records stored in that segmented environment, creating follow-on risk of **phishing and social engineering** against impacted individuals. As a precaution, Loblaw logged customers out of their accounts, and external reporting noted no public threat actor claim tied to the intrusion at the time of publication. The available information indicates a limited but confirmed exposure of personally identifiable information rather than a compromise of Loblaw’s core operational, financial, or medical data systems.
Mar 21, 2026
Tenga Customer Data Exposed After Employee Email Account Compromise
**Tenga** disclosed a data breach after an attacker gained unauthorized access to a single employee’s professional email account, allowing visibility into the mailbox contents and enabling outbound spam/phishing to the employee’s contacts, including customers. The exposed information potentially included customer **names, email addresses, and historical email correspondence**, which may have contained **order details** or customer service inquiries; Tenga said a forensic review determined the incident affected **approximately 600 U.S. customers**. Tenga characterized the incident as localized and limited in scope, stating its broader systems and databases outside the U.S. were not impacted and that **no Social Security numbers, payment card data, billing information, or store passwords** were compromised. Post-incident actions described included resetting the affected employee’s credentials and implementing or expanding **multi-factor authentication** across systems; customers were advised to remain vigilant for suspicious emails and consider changing passwords as a precaution, particularly for messages appearing to come from the impacted employee account.
Mar 21, 2026