Canadian Tire has confirmed that a data breach affected the personal information of some customers.
The retailer says it found a vulnerability in one of its e-commerce databases on October 2.
This database stores the information of people who have online accounts with Canadian Tire and its affiliated brands, which include SportChek, Mark’s/L’Équipeur and Party City. The data that was exposed includes names, addresses, emails, birth years and encrypted passwords, and in some cases, even partial credit card numbers.
Canada Tire Will Offer Credit Monitoring Services to Customers
Canadian Tire also says that the full birth dates of fewer than 150,000 account holders were leaked, although it is not clear where the exact number lies within that range. Canadian Tire says it has identified the affected account holders and will contact them in the next few days to inform them and offer credit monitoring. It also states that it has reported the breach to the appropriate privacy regulators.
Data Breach Did Not Affect In- Store Transactions
Despite this, the retailer emphasizes that the breach did not give enough information for malicious actors to access accounts or make purchases. It also states that the incident does not affect any in-store transactions, Canadian Tire Bank information, or Triangle Rewards loyalty data.
Canadian Tire has also increased its cybersecurity measures to prevent similar incidents in the future, and it assures customers that it is working closely with security experts to strengthen its systems, protect sensitive data, and maintain trust in its digital platforms.
In addition, the retailer is conducting a full internal investigation to understand how the vulnerability appeared and to improve its data management practices. It plans to update its staff training, invest in advanced monitoring tools, and review all online systems to ensure stronger protection and faster detection of any unusual activity in the future, showing a proactive response.