Overview
- The company detected unauthorized activity on October 2 in an e-commerce database tied to Canadian Tire, SportChek, Mark's/L’Équipeur, and Party City accounts.
- Exposed data included names, addresses, emails, birth years, encrypted passwords, and partial credit card numbers, with full dates of birth present for fewer than 150,000 accounts.
- Canadian Tire says the breach did not involve Canadian Tire Bank or Triangle Rewards data and the information was insufficient to access accounts or make purchases.
- The vulnerability has been fixed, e-commerce operations remain available, and the company reports no indication of ongoing unauthorized activity as monitoring continues with internal and external experts.
- Impacted customers will be notified by email and offered TransUnion Canada credit monitoring, and the company has alerted privacy regulators and advises using strong unique passwords and multi-factor authentication.