Toys “R” Us Canada Confirms Customer Data Breach
The company is warning affected customers to stay vigilant for phishing attempts following a confirmed data exposure.
Toys “R” Us Canada has confirmed a data breach affecting customer information, after threat actors published stolen records on the dark web.
The company learned of the incident on July 30, 2025, when a post appeared online claiming to contain data from its systems.
A subsequent investigation, carried out in collaboration with independent cybersecurity experts, verified the authenticity of the leaked data.
According to customer notification letters, the attackers managed to copy certain records from the retailer’s database containing personal information.
- The extent of the breach varies between customers, but leaked details may include:
Toys “R” Us Canada emphasized that sensitive data such as account passwords and payment card details were not compromised.
Author's summary: Toys “R” Us Canada confirms data breach.