Canada Goose says an advertised breach of 600,000 records is an old raid and there are no signs of a recent compromise.
The down-filled jacket purveyor did not answer questions about how old the data is or how it was originally taken, but told us it relates to past customer purcahses.
“Canada Goose is aware that a historical dataset relating to past customer transactions has recently been published online,” a spokesperson said. “At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released dataset to assess its accuracy and scope, and will take any further steps as may be appropriate.”
“To be clear, our review shows no evidence that unmasked financial data was involved. Canada Goose remains committed to protecting customer information.”
ShinyHunters posted the company’s data for download on February 14 via their leak site. The criminals’ advert for the data claimed there were more than 600,000 records, each containing personally identifiable information, as well as payment/financial details.
The Register reviewed a number of the records available online via a JSON file, and ShinyHunters’ description of the data appears accurate.
It includes names and other usual PII data points, as well as partial payment information and order details, such as price and delivery address.
[…]
Source: Canada Goose says ShinyHunters only breached old data • The Register
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft