Fashion brand Canada Goose claims a 600,000-record data dump by ShinyHunters involves only historical customer data, not a recent breach of their systems.
Fashion brand Canada Goose has pushed back against claims that it suffered a recent data breach after cybercriminals associated with the ShinyHunters group advertised a dump of 600,000 customer records. The down-filled jacket purveyor told The Register that the data in question relates to "past customer transactions" and that there are currently no signs of a breach to its own systems.
"Canada Goose is aware that a historical dataset relating to past customer transactions has recently been published online," a spokesperson said. "At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released dataset to assess its accuracy and scope, and will take any further steps as may be appropriate."
ShinyHunters posted the company's data for download on February 14 via their leak site. The criminals' advert claimed there were more than 600,000 records, each containing personally identifiable information as well as payment and financial details. The Register reviewed a number of the records available online via a JSON file, and ShinyHunters' description of the data appears accurate. It includes names and other usual PII data points, as well as partial payment information and order details such as price and delivery address.
Canada Goose maintains that the data is historical and that no unmasked financial data was involved in the alleged breach. The company stated it remains committed to protecting customer information, though it did not answer questions about how old the data is or how it was originally taken.
This incident is part of a broader pattern of activity from ShinyHunters, which has had a busy start to 2026. The cybercriminal group now operates its own data leak site and has posted a number of high-profile victims this year alone. Among their claimed targets are Crunchbase, Betterment, SoundCloud, Match Group, Panera Bread, Harvard University, and wealth management firm Mercer Advisors.
The group has been particularly active in targeting Okta accounts through voice phishing campaigns. Last year, ShinyHunters was linked to attacks on Salesforce that led to the theft of data belonging to more than 200 of the company's customers, as well as SalesLoft Drift, a Salesforce integration that compromised various Salesforce instances.
While Canada Goose insists the data is old and there's no evidence of a current system breach, the incident highlights the ongoing challenges organizations face in managing historical customer data and the persistent threat posed by well-organized cybercriminal groups like ShinyHunters.
Comments
Please log in or register to join the discussion