Toronto – Retail giant Canadian Tire has confirmed that its e-commerce database was breached, compromising sensitive customer information in what officials are describing as a “targeted cyber incident.” The company assured that the breach did not affect its core financial systems but admitted that certain customer data linked to online transactions may have been exposed.
In a statement released late Sunday, Canadian Tire said the breach was detected last week after internal cybersecurity teams noticed “unusual activity” within the online retail network. “We immediately launched a comprehensive investigation with the assistance of leading cybersecurity experts. While our in-store systems remain secure, we can confirm that some customer data from our e-commerce platform was accessed,” the company said.
Although the company declined to specify the number of affected customers, sources close to the investigation indicated that the breach may have compromised names, email addresses, and partial payment information from users who made purchases through the retailer’s website and app in recent months.
Canadian Tire emphasized that no full credit card numbers, CVVs, or banking passwords were accessed, as the company uses encrypted third-party payment gateways. “We take customer privacy seriously and have implemented enhanced security measures across all platforms,” the statement added.
Customers are being advised to monitor their bank statements and watch for phishing emails that could exploit leaked information. “Cybercriminals often use such data to craft convincing scams. Be cautious of emails claiming to be from Canadian Tire requesting personal information,” warned cybersecurity analyst Jordan Miles.
The Office of the Privacy Commissioner of Canada has been notified of the breach, and an independent audit is underway to assess the extent of the damage. The company also confirmed it is contacting potentially affected users directly with further guidance.
Cybersecurity experts say that retail companies have increasingly become targets for hackers seeking to exploit large consumer databases. “Retail platforms are prime targets because they store a mix of personal and transactional data,” said Michael Rowe, a cybersecurity researcher at the University of Waterloo. “Even minor leaks can have significant consequences if that data is used in secondary attacks.”
This incident marks the latest in a string of cyber breaches affecting Canadian businesses this year, following similar attacks on major telecommunications firms and government-linked agencies.
Canadian Tire has promised to strengthen its digital defenses, including multi-layered security monitoring and customer data protection protocols. “We deeply regret the concern this may cause our customers and are doing everything possible to safeguard their information going forward,” the company said.
While the retailer’s physical stores and loyalty programs remain unaffected, the breach serves as a stark reminder of the growing risks in Canada’s rapidly expanding e-commerce landscape — where even trusted brands are not immune to sophisticated cyber threats.