More than 38 million e-commerce accounts were affected by an October 2025 data breach at Canadian Tire that exposed personal customer information and was later listed on Have I Been Pwned. The leaked dataset included names, email addresses, PBKDF2-hashed passwords, partial credit card details, addresses, phone numbers, gender, and some dates of birth, while Canadian Tire said no bank or loyalty data was accessed. #CanadianTire #HaveIBeenPwned
Keypoints
- More than 38 million e-commerce accounts were impacted in the October 2025 breach.
- Unauthorized access to an e-commerce database was discovered on October 2.
- Leaked data included names, email addresses, PBKDF2-hashed passwords, and partial credit card information.
- Fewer than 150,000 records contained dates of birth, and Canadian Tire says no Canadian Tire Bank or Triangle Rewards data was compromised.
- Have I Been Pwned published roughly 42 million records from the incident, which also contained addresses, phone numbers, and gender.
Read More: https://www.securityweek.com/canadian-tire-data-breach-impacts-38-million-accounts/