
moderate | Anti-Privacy | Data Breach

Executive Summary

Data breach reported by Dark Reading: "Marquis v. SonicWall Lawsuit Ups the Breach Blame Game" (also covered by HIBP)

What Happened

In October 2025, Canadian retailer Canadian Tire experienced a data breach that exposed almost 42 million records containing 38 million unique email addresses. The compromised data included names, phone numbers, physical addresses, and passwords stored as PBKDF2 hashes. For some records, dates of birth and partial credit card information such as card type, expiry date, and masked card numbers were also exposed, though Canadian Tire confirmed that bank account information and loyalty program data were not affected.

Who Is Affected

Approximately 38 million individuals whose email addresses were included in Canadian Tire's systems are affected by this breach. Those impacted may have had their personal contact information, masked payment card details, and in some cases dates of birth exposed. Canadian Tire customers in Canada are the primary affected group.

Why It Matters

This breach represents one of the larger retail data exposures in recent years, affecting tens of millions of individuals. The incident highlights ongoing vulnerabilities in retail systems and the risks consumers face when their personal and financial information is stored by large retailers. The breach also contributes to broader discussions about vendor responsibility, as referenced in the SonicWall lawsuit regarding third-party security accountability.

What You Should Do

If you are a Canadian Tire customer, monitor your email for official communications from the company regarding the breach. Change your Canadian Tire account password immediately, especially if you reused that password on other websites or services. Review your credit card statements for any unauthorized transactions and consider placing fraud alerts on your credit reports if your partial payment card information was exposed.

AI-Assisted

Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.

Marquis v. SonicWall Lawsuit Ups the Breach Blame Game — Industry | PrivacyWire