Canada Goose Confirms Exposure of Customer Data Affecting Approximately 600,000 Individuals
Canada Goose has confirmed that a dataset containing personal information linked to approximately 600,000 customers was published online, following claims by a cybercrime group that it had obtained company-related data. The luxury apparel brand stated that while the information appears to be legitimate, its internal systems were not directly compromised, indicating the data likely originated from a third-party service or historical records rather than an intrusion into its core infrastructure.
Security researchers who reviewed samples of the leaked data reported that it includes customer names, email addresses, phone numbers, billing and shipping addresses, IP addresses, and partial payment-related metadata such as card type and the last four digits of payment cards. Although no full credit card numbers or authentication credentials were exposed, experts warn that the combination of personal and transactional information significantly increases the risk of targeted phishing, fraud, and social engineering attacks.
Canada Goose said it is continuing to investigate the source of the exposure and has taken steps to assess potential risks to affected customers. The company has advised individuals to remain alert for suspicious communications and emphasized that it is working with external cybersecurity specialists to further analyze the incident.
Reference and Sources: