Canada Goose Breach: 582K Accounts Exposed

Overview

In February 2026, a significant data breach involving Canada Goose customer information was made public. The breach exposed approximately 582,000 unique customer records. According to Canada Goose, the compromised data appears to be from past customer transactions and did not originate from their own systems directly. The company states the data came from a breach at a third-party service provider in August 2025, with the most recent transaction in the dataset dating to July 2025. This incident highlights the risks inherent when personal data is shared with and stored by vendor partners.

What Was Exposed

The published dataset is extensive and includes several sensitive personal and financial details:

• Personal Identifiers: Full names, email addresses, phone numbers, and physical addresses.
• Financial Data: Partial credit card information, including the card type (e.g., Visa, Mastercard) and the last four digits of the card number.
• Digital Identifiers: IP addresses, which can reveal approximate geographical location and internet service provider.

Potential Impact

The combination of exposed data creates a high-risk situation for affected individuals, warranting a CRITICAL severity rating.

• Targeted Phishing & Smishing: With names, email addresses, and phone numbers, criminals can craft highly convincing phishing emails or smishing (SMS phishing) texts pretending to be Canada Goose or other trusted entities to steal more information or deliver malware.
• Identity Theft & Fraud: Names paired with physical addresses are key pieces for identity theft. Scammers can use this information to apply for credit or services fraudulently.
• Financial Fraud: While the full card number was not exposed, the card type and last four digits are often used by companies to “verify” your identity in phone or chat support. This could be leveraged in social engineering attacks against you or other institutions.
• Physical Security Concerns: The exposure of home addresses raises potential concerns for physical security or targeted harassment.

Recommendations

If you have ever made a purchase from Canada Goose, take the following steps immediately:

1. Be Extremely Vigilant with Communications: Treat any unsolicited calls, texts, or emails-especially those referencing Canada Goose, your recent orders, or your credit card-with extreme suspicion. Do not click on links or provide any information. Contact the company directly through their official website.
2. Monitor Financial Statements: Scrutinize your bank and credit card statements for any unauthorized transactions, no matter how small. Report discrepancies to your financial institution immediately.
3. Consider a Credit Freeze: For the strongest protection against new account fraud, place a free credit freeze with the three major credit bureaus (Equifax, TransUnion, and Experian). This prevents anyone from opening new credit in your name.
4. Use Unique, Strong Passwords: If you used the same password for your Canada Goose account elsewhere, change it immediately on all other sites. Use a password manager to create and store strong, unique passwords for every online account.

How to Check If You’re Affected

The breach has been reported to the free notification service Have I Been Pwned.

1. Visit haveibeenpwned.com.
2. Enter your email address(es) into the search bar.
3. If your email was involved in this incident, it will be listed under the “Canada Goose” breach entry. You can access the specific breach notification page directly at: https://haveibeenpwned.com/Breach/CanadaGoose