Shoppers who made online purchases through Canadian Tire Corp. Ltd. may have had their personal information compromised.
The retailer said Monday that it identified a data breach on Oct. 2 involving information stored in its e-commerce database.
The breached information belongs to shoppers who had an e-commerce account with Canadian Tire or its other banners, SportChek, Mark’s/L’Équipeur and Party City.
The data included names, addresses, emails and birth years as well as encrypted passwords and in some cases, incomplete credit card numbers. The credit card information that was available was akin to what would appear on store receipt, Canadian Tire said.
The full dates of birth for fewer than 150,000 account holders were also part of the breach. Those customers whose additional information was involved will be contacted and offered credit monitoring from TransUnion Canada, Canadian Tire said.
The breached information did not include Canadian Tire Bank or Triangle Rewards loyalty data and was not enough for anyone unauthorized to access accounts and make purchases, the retailer said.
Get breaking National news
For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.
It added that the incident did not impact its ability to facilitate in-store transactions and its e-commerce systems are operational.
Since discovering the breach, Canadian Tire said it has resolved the vulnerability and is working with experts to improve security.
“All of our websites and systems continue to be monitored closely by internal teams and external cybersecurity experts,” the retailer told customers on a web page set up to provide information about the breach.
“There is no indication of any ongoing unauthorized activity.”
The company told customers that if they do not receive an email from TransUnion Canada on behalf of Canadian Tire, they don’t need to take further action.
However, it reminded shoppers that it is always a good practice to use strong, unique passwords, avoid reusing passwords and enable multi-factor authentication.
“If you notice anything suspicious, contact your financial institution and report any fraud to police,” Canadian Tire said.
Statistics Canada data show the number of police-reported cybercrimes in the country hit 92,567 last year, up from 65,141 in 2020. Fraud alone made up 46,301 of those crimes, while identity theft accounted for 957 and identity fraud 4,283.
Experts have long said cybercrime is under-reported because of the stigma and embarrassment that can be associated with being scammed.
Cybersecurity issues have been reported in the last year at Nova Scotia Power, the College of New Caledonia in Prince George, B.C., and PowerSchool, the maker of education software used by many schools.
© 2025 The Canadian Press
