Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Toys “R” Us Canada customer data leak

Data Leak
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

Toys “R” Us Canada confirmed a customer data leak that exposed personal information from its database, creating privacy and phishing risk for customers. The company said the records were stolen from its systems and later leaked on the dark web. Exposed fields may include full names, physical addresses, email addresses, and phone numbers. The company said passwords and credit cards were not exposed and has begun containment and regulator notifications.

Timeline

  1. 24.10.2025 01:25 1 articles · 7mo ago

    Threat actor posting exposes Toys “R” Us Canada customer data

    Detection Ioc Update

    On July 30, 2025, Toys “R” Us Canada became aware of a dark web posting in which a third party claimed to have stolen information from its database; third-party experts later confirmed that the posted customer data was authentic and that unauthorized copying had occurred from the customer database.

    Show sources
    Open in new tab
  2. 24.10.2025 01:25 1 articles · 7mo ago

    Toys “R” Us Canada upgrades security and notifies regulators after the leak

    Mitigation Patch Update

    By October 23, 2025, Toys “R” Us Canada said it had upgraded the security of its IT systems with cybersecurity experts and was notifying the applicable privacy regulatory authorities in Canada after discovering that unauthorized access led to customer records being copied from the customer database; the company also said account passwords and credit card information were not exposed.

    Show sources
    Open in new tab