Canadian Tire — 38.3M accounts
Severity: High · Kind: Data breach
We've ingested this item but haven't summarised it yet. Read the upstream advisory using the link below in the meantime — the AI summary will appear here once the next run completes.
From the source
In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice , Canadian Tire advised that the incident did not impact bank account information or loyalty program data.
Breach facts
- Accounts affected
- 38,306,562
- Verified
- Yes
- Sensitive
- No
- Domain
- canadiantire.ca
- Data exposed
- Dates of birthEmail addressesGendersNamesPartial credit card dataPasswordsPhone numbersPhysical addresses
Was this useful?
Plain-English summaries are AI-generated and reviewed for tone, not technical accuracy. For incident response, always rely on the original source linked above.