Canada Goose ruffles feathers over 600K record dump, says leak is old news
(2026/02/16)
- Reference: 1771264867
- News link: https://www.theregister.co.uk/2026/02/16/canada_goose_shinyhunters/
- Source link:
Canada Goose says an advertised breach of 600,000 records is an old raid and there are no signs of a recent compromise.
The down-filled jacket purveyor did not answer questions about how old the data is or how it was originally taken, but told us it relates to past customer purcahses.
"Canada Goose is aware that a historical dataset relating to past customer transactions has recently been published online," a spokesperson said. "At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released dataset to assess its accuracy and scope, and will take any further steps as may be appropriate."
[1]
"To be clear, our review shows no evidence that unmasked financial data was involved. Canada Goose remains committed to protecting customer information."
[2]
[3]
ShinyHunters posted the company's data for download on February 14 via their leak site. The criminals' advert for the data claimed there were more than 600,000 records, each containing personally identifiable information, as well as payment/financial details.
The Register reviewed a number of the records available online via a JSON file, and ShinyHunters' description of the data appears accurate.
[4]
It includes names and other usual PII data points, as well as partial payment information and order details, such as price and delivery address.
[5]Betterment breach may expose 1.4M users after social engineering attack
[6]ShinyHunters swipes right on 10M records in alleged dating app data grab
[7]Let them eat sourdough: ShinyHunters claims Panera Bread as stolen credentials victim
[8]Canva among ~100 targets of ShinyHunters Okta identity-theft campaign
A cursory scan suggests affected individuals appear to be based across North America and Europe.
New year, new me
ShinyHunters has had a busy start to 2026: the cybercriminals now have their own data leak site, and have posted a number of high-profile victims this year alone.
Crunchbase and Betterment, two examples of these scalps, were raided as part of the group's [9]targeting of Okta accounts through voice phishing .
Among the other victims are SoundCloud, [10]Match Group , [11]Panera Bread , Harvard University, and wealth management firm Mercer Advisors.
Last year, the criminal crew was linked to attacks on Salesforce, which led to the theft of data belonging to [12]more than 200 of the company's customers , as well as SalesLoft Drift, a Salesforce integration that compromised various [13]Salesforce instances . ®
Get our [14]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aZOhjXvsz1Yu8dTPhR1PTwAAAIs&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZOhjXvsz1Yu8dTPhR1PTwAAAIs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZOhjXvsz1Yu8dTPhR1PTwAAAIs&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZOhjXvsz1Yu8dTPhR1PTwAAAIs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2026/02/05/betterment_hack/
[6] https://www.theregister.com/2026/01/29/shinyhunters_match_group/
[7] https://www.theregister.com/2026/01/27/shinyhunters_claim_panera_bread/
[8] https://www.theregister.com/2026/01/26/shinyhunters_okta_sso_campaign/
[9] https://www.theregister.com/2026/01/23/shinyhunters_claims_okta_customer_breaches/
[10] https://www.theregister.com/2026/01/29/shinyhunters_match_group/
[11] https://www.theregister.com/2026/01/27/shinyhunters_claim_panera_bread/
[12] https://www.theregister.com/2025/11/20/salesforce_gainsight_breach/
[13] https://www.theregister.com/2025/09/02/zscaler_customer_data_drift_compromise/
[14] https://whitepapers.theregister.com/
The down-filled jacket purveyor did not answer questions about how old the data is or how it was originally taken, but told us it relates to past customer purcahses.
"Canada Goose is aware that a historical dataset relating to past customer transactions has recently been published online," a spokesperson said. "At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released dataset to assess its accuracy and scope, and will take any further steps as may be appropriate."
[1]
"To be clear, our review shows no evidence that unmasked financial data was involved. Canada Goose remains committed to protecting customer information."
[2]
[3]
ShinyHunters posted the company's data for download on February 14 via their leak site. The criminals' advert for the data claimed there were more than 600,000 records, each containing personally identifiable information, as well as payment/financial details.
The Register reviewed a number of the records available online via a JSON file, and ShinyHunters' description of the data appears accurate.
[4]
It includes names and other usual PII data points, as well as partial payment information and order details, such as price and delivery address.
[5]Betterment breach may expose 1.4M users after social engineering attack
[6]ShinyHunters swipes right on 10M records in alleged dating app data grab
[7]Let them eat sourdough: ShinyHunters claims Panera Bread as stolen credentials victim
[8]Canva among ~100 targets of ShinyHunters Okta identity-theft campaign
A cursory scan suggests affected individuals appear to be based across North America and Europe.
New year, new me
ShinyHunters has had a busy start to 2026: the cybercriminals now have their own data leak site, and have posted a number of high-profile victims this year alone.
Crunchbase and Betterment, two examples of these scalps, were raided as part of the group's [9]targeting of Okta accounts through voice phishing .
Among the other victims are SoundCloud, [10]Match Group , [11]Panera Bread , Harvard University, and wealth management firm Mercer Advisors.
Last year, the criminal crew was linked to attacks on Salesforce, which led to the theft of data belonging to [12]more than 200 of the company's customers , as well as SalesLoft Drift, a Salesforce integration that compromised various [13]Salesforce instances . ®
Get our [14]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aZOhjXvsz1Yu8dTPhR1PTwAAAIs&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZOhjXvsz1Yu8dTPhR1PTwAAAIs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZOhjXvsz1Yu8dTPhR1PTwAAAIs&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZOhjXvsz1Yu8dTPhR1PTwAAAIs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2026/02/05/betterment_hack/
[6] https://www.theregister.com/2026/01/29/shinyhunters_match_group/
[7] https://www.theregister.com/2026/01/27/shinyhunters_claim_panera_bread/
[8] https://www.theregister.com/2026/01/26/shinyhunters_okta_sso_campaign/
[9] https://www.theregister.com/2026/01/23/shinyhunters_claims_okta_customer_breaches/
[10] https://www.theregister.com/2026/01/29/shinyhunters_match_group/
[11] https://www.theregister.com/2026/01/27/shinyhunters_claim_panera_bread/
[12] https://www.theregister.com/2025/11/20/salesforce_gainsight_breach/
[13] https://www.theregister.com/2025/09/02/zscaler_customer_data_drift_compromise/
[14] https://whitepapers.theregister.com/
elsergiovolador
These notifications are just theatre anyway. They lead to nothing. At best you'd get Experian subscription and a lollypop.
cd
So this is a company with customers, who will give over PII after paying too much for a down jacket...nothing to see here, esp inside their cranii.
So if it's an old leak they'll have already notified the customers and any relevant authorities as required by the legislation in the various countries in which they operate. No?