Toy store Toys “R” Us Canada this week notified its customers that a threat actor stole their personal information and leaked it on the dark web.
The incident, the company said in notification emails to customers, copies of which have been shared on social media platforms, was discovered on July 30, after the information was posted on “the unindexed internet”.
“We immediately hired third-party cybersecurity experts to assist with containment and to investigate the incident. The investigation revealed that the unauthorized third party copied certain records from our customer database which contains personal information,” the notification reads.
The compromised information, the company told shoppers, includes names, addresses, email addresses, and phone numbers. It also said it was in the process of notifying the relevant authorities.
According to Toys “R” Us Canada, no passwords, credit card details, or similar sensitive information was stolen in the data breach.
The company encourages customers to remain vigilant about phishing and similar attacks and to avoid sharing their personal information to potential Toys “R” Us impersonators.
The company has not shared information on when the data breach occurred, how many individuals were affected, or who was responsible for the incident. It is unclear if the company received any extortion demands related to the data breach.
SecurityWeek has emailed Toys “R” Us Canada for additional information on the data breach and will update this article if the company responds.
Toys “R” Us Canada is a subsidiary of the American toy, clothing, and baby product retailer Toys “R” Us. It operates 40 locations in the country, selling dolls, action figures, toys, building blocks, learning games, and more.
Related: Prosper Data Breach Impacts 17.6 Million Accounts
Related: Customer Service Firm 5CA Denies Responsibility for Discord Data Breach
Related: SimonMed Imaging Data Breach Impacts 1.2 Million
Related: Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach
