Canadian Tire Data Breach

01/10/2025 · 38,306,562 records · high risk

0 /100

Gravity Score

Critical

Calculated based on the types of data exposed (8 categories) and the volume of affected records (38,306,562).

A very large dataset connected to Canadian Tire was publicly disclosed, affecting tens of millions of records. The files combined account identifiers with contact information, and some entries contained more sensitive fields.

The breach included 38 million unique email addresses along with names, phone numbers, and physical addresses. Passwords were present as PBKDF2 hashed values, and a subset of records also contained dates of birth, gender, and partial card data such as card type, expiry date, and the last four digits.

Exposed data

Dates of birth Email addresses Genders Names Partial credit card data Passwords Phone numbers Physical addresses

What to do based on this breach

Change your Canadian Tire password and update any other service where you reused the same or a similar password

Enable two step verification on your email and critical accounts to reduce account takeover risk

Monitor your payment card and discuss preventive options with the issuer, since card type, expiry, and last four digits can be used in verification scams

Be skeptical of calls or texts that cite your date of birth, address, and phone number to “confirm your identity”

What can we learn from this breach?

Breaches that include passwords, even as hashes, raise risk dramatically when people reuse credentials and when the dataset is massive. Partial card details and dates of birth also increase fraud and social engineering potential, so organizations should minimize collection and retention, enforce strong authentication, and protect databases with continuous monitoring.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Odido

11/02/2026 6,077,025 records high risk

6 data types in common

WIRED

07/09/2025 2,364,431 records moderate risk

6 data types in common

← All breaches