Toys “R” Us Canada has informed its customers about a potential data breach that may have exposed their personal details. The company revealed in an email to shoppers that on July 30, it became aware of information being shared on the “unindexed Internet,” claiming unauthorized access to its databases.
It remains uncertain whether Toys “R” Us Canada was specifically referring to the deep web or the dark web, both known for restricted access and potential criminal activities. Despite inquiries about the delay in communicating the breach to customers, the company did not provide an immediate response. According to the Office of the Privacy Commissioner of Canada, companies are obligated by law to promptly notify individuals affected by potential data breaches.
Following the discovery of online circulation of information linked to the company, Toys “R” Us Canada hired cybersecurity professionals to investigate the incident. They confirmed that unauthorized third parties had copied the records. The compromised data may include customers’ names, addresses, emails, and phone numbers.
The company assured that sensitive information such as passwords and credit card details were not part of the breached records, and there is no evidence of misuse of the compromised data. Toys “R” Us Canada expressed regret for any inconvenience caused and emphasized ongoing efforts to enhance security measures and prevent similar breaches in the future.
To address the breach, the company is in the process of reporting the incident to privacy regulators and has engaged legal counsel for assistance. The Office of the Privacy Commissioner of Canada has reached out to Toys “R” Us Canada for further details and next steps.
Customers were advised to be cautious of unexpected emails or text messages claiming to be from Toys “R” Us and avoid clicking on suspicious links or downloading attachments. The company highlighted the risks of phishing and spoofing attempts, where scammers deceive individuals into disclosing sensitive information.
Recent cybersecurity incidents have also affected other organizations in Canada, including Canadian Tire Corp. Ltd., Nova Scotia Power, the College of New Caledonia, and PowerSchool. Statistics Canada reported an increase in police-reported cybercrimes in the country, with fraud, identity theft, and identity fraud being notable categories of cybercrimes.