October 16, 2025 Canadian Tire Corp. Ltd. says a data breach in its e-commerce system exposed personal information from customers who made online purchases through its websites.

The company said it discovered the breach on Oct. 2, involving data from shoppers with online accounts at Canadian Tire and its other retail banners, including SportChek, Mark’s/L’Équipeur, and Party City.

The compromised information included names, addresses, email addresses, and birth years. Encrypted passwords and partial credit card numbers—similar to those printed on receipts—were also accessed. The full birth dates of fewer than 150,000 customers were involved, and those affected will be contacted directly and offered credit monitoring through TransUnion Canada.

Canadian Tire said the incident did not affect data from its financial arm, Canadian Tire Bank, or its Triangle Rewards loyalty program. The company emphasized that the breach did not allow unauthorized access to accounts or purchases, and that its in-store and e-commerce systems remain operational.

The retailer says it has fixed the vulnerability and is working with cybersecurity experts to strengthen defences. “All of our websites and systems continue to be monitored closely,” the company said in a customer update.

Canadian Tire reminded customers to use strong, unique passwords and enable multi-factor authentication.

The breach comes amid a rising number of cyber incidents in Canada. Statistics Canada reported more than 92,000 police-reported cybercrimes in 2024, up sharply from 65,000 in 2020, with nearly half involving fraud.

Source: The Canadian Press (Tara Deschamps)