Canadian Tire Data Breach

October 1, 2025 · 38,306,562 records · high risk

0 /100

Gravity Score

Critical

Calculated based on the types of data exposed (8 categories) and the volume of affected records (38,306,562).

In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice, Canadian Tire advised that the incident did not impact bank account information or loyalty program data.

Exposed data

Dates of birth Email addresses Genders Names Partial credit card data Passwords Phone numbers Physical addresses

Affected website

canadiantire.ca

What to do now

🔑Change your password for this service immediately, and for any other account where you reused it 🛡️Enable two-factor authentication (2FA) on all accounts that support it 💳Monitor your bank and credit card statements closely. Consider requesting a new card 📱Watch out for phishing attempts via SMS and suspicious calls ⚠️Be wary of contacts using your personal details to build trust (social engineering) 📧Stay alert for phishing emails that may look legitimate using information from this breach 🔍Use a password manager to create unique, strong passwords for every service

What can we learn from this breach?

Breaches like this offer valuable lessons for the entire industry. Some security practices that help protect data at scale include: using stronger hashing algorithms like Argon2 or bcrypt with unique salts per user; implementing payment data tokenization and ensuring PCI DSS compliance; encrypting sensitive personal data at rest with properly managed encryption keys; segmenting and isolating databases so that a single breach doesn't expose all records. Information security is an ongoing process, and each incident reinforces the importance of investing in data protection.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Figure

Jan 27, 2026 967,178 records moderate risk

5 data types in common

University of Pennsylvania

Oct 29, 2025 623,750 records moderate risk

5 data types in common

← All breaches