Canadian Tire Confirms Major Data Breach Exposing Customers’ Personal and Financial Information

Canadian Tire Corporation said it recently experienced a significant data security breach that exposed sensitive personal and financial information of its customers.

 

Canadian Tire Corporation is a Canadian retail company with a portfolio that includes a retail segment, financial services, and a real estate investment trust (REIT). It operates several retail brands, including Canadian Tire stores, Mark’s, Sport Chek, and Party City. The company offers a wide range of products such as automotive parts, sporting goods, home products, and apparel.

 

In a data security incident notice published on its website, CTC said that on October 2, it identified suspicious activity within its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected platform and notified relevant law enforcement authorities about the same.

 

“A data breach occurred in a specific e-commerce database that included customer accounts for Canadian Tire, SportChek, Mark’s/L’Équipeur and Party City.

 

“The unauthorised activity was limited to that database, which did not include Canadian Tire Bank information or Triangle Rewards loyalty data,” CTC said.

 

The compromised data included names, addresses, email addresses, year of birth, encrypted passwords and partial credit card numbers. 

 

“The password and credit card information cannot be used for account access, transactions or purchases. The database did not include Canadian Tire Bank information or Triangle Rewards loyalty data,” CTC added.

 

The company confirmed that the unauthorised access has been eliminated and the database is now secure. Its websites and systems remain under constant surveillance. At this time, there is no evidence of any continued unauthorised activity.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on CTC. The company also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.