ShinyHunters Claims Theft of 600,000 Canada Goose Customer Records Amid Data Breach Dispute

The data extortion group known as ShinyHunters has claimed responsibility for stealing more than 600,000 customer records allegedly linked to luxury outerwear brand Canada Goose. The group asserts that the dataset contains personal information and payment-related data tied to past transactions.

Canada Goose, however, has stated that it has found no evidence of a breach within its own systems. In a statement provided to media outlets, the company said the dataset appears to relate to historical customer transactions and is currently under review.

The claim marks the latest in a series of high-profile data exposure announcements attributed to ShinyHunters, a group known for targeting retail and SaaS platforms.

What the Threat Actor Is Claiming

According to posts circulating on cybercrime forums, ShinyHunters alleges it possesses over 600,000 customer records tied to Canada Goose. The group claims the dataset includes names, email addresses, phone numbers, shipping details, and payment-related information.

While it remains unclear whether full payment card numbers are included, even partial payment data combined with personal identifiers can significantly increase fraud and phishing risks.

As is common in extortion campaigns, the group has reportedly used sample records to substantiate its claims, though independent verification of the entire dataset has not been publicly confirmed.

Canada Goose Responds

Founded in 1957 and headquartered in Toronto, Canada Goose operates a global retail footprint and employs nearly 4,000 people. The brand is recognized internationally for its performance luxury outerwear.

In response to the allegations, the company indicated that it has not identified evidence of unauthorized access to its internal systems. Officials suggested that the exposed dataset may relate to previously processed customer transactions rather than a new compromise of corporate infrastructure.

The distinction is significant. In some cases, datasets advertised by threat actors originate from third-party service providers, legacy exposures, or previously leaked records aggregated into new compilations.

Investigations are ongoing to determine the origin and authenticity of the data.

ShinyHunters’ Track Record

ShinyHunters has built a reputation for targeting high-profile brands and technology platforms. The group frequently engages in data extortion, threatening to publish or sell stolen records if ransom demands are not met.

Previous campaigns linked to the group have involved retail organizations, SaaS providers, and consumer-facing platforms. Analysts note that the group often leverages compromised credentials, supply chain access, or cloud misconfigurations rather than direct exploitation of hardened core systems.

The tactic of publicly claiming responsibility serves both as leverage and as brand reinforcement within cybercriminal communities.

Potential Risks for Customers

If verified, exposure of 600,000 customer records could create heightened risk of targeted phishing campaigns impersonating Canada Goose, particularly during peak retail seasons.

Fraudsters frequently use leaked purchase history and contact information to craft convincing refund scams or loyalty program impersonation attempts.

Customers are advised to monitor financial statements, enable transaction alerts, and remain cautious of unsolicited communications referencing past purchases.

As investigations continue, the incident underscores a broader reality. Even when organizations deny system compromise, data circulating in underground markets can still generate real-world risk.