Toys “R” Us Canada has notified customers of a data breach that they say may have compromised their personal information.
In an email sent to customers Thursday morning, the toy store said it learned on July 30 that someone had posted information on the “non-indexed Internet” claiming to have stolen from the business' databases.
It is unclear whether Toys “R” Us Canada was referring to the deep web, a part of the Internet that is difficult to access because it is not indexed by search engines, or the dark web, which is accessed through software and is often a haven for criminal activity.
The company did not immediately respond to a request for comment on the email about the breach and did not explain why it took so long to notify customers about the incident. The Office of the Privacy Commissioner of Canada's website says the law requires companies to notify individuals whose personal information may have been compromised “as soon as possible.”
However, a message to customers said that after being notified that information allegedly related to the company was circulating online, Toys “R” Us Canada hired cybersecurity experts to investigate. They confirmed that the recordings were copied by an unauthorized third party.
The company said the hacked records may include names, addresses, emails and phone numbers of customers.
A security specialist and a privacy expert discuss what the Capital One hack means to you and how Canadians can protect their information.
It said the incident did not involve any passwords, credit card details or similar sensitive data, and the company saw no evidence that any compromised information was misused.
“We regret any inconvenience or concern this incident may cause you,” the email from Toys “R” Us Canada said.
“We are committed to further improving our security and are constantly working to update our systems to prevent an incident like this from happening again.”
The company added that it is now reporting the incident to privacy regulators and has retained legal counsel to assist with the process.
Vito Pilieci, a spokesman for the Office of the Privacy Commissioner of Canada, said in an email that the organization is aware of the breach and has reached out to Toys “R” Us Canada to obtain more information and determine next steps.
Toys “R” Us Canada urged customers not to respond to any “unsolicited” or “unsolicited” emails or text messages purporting to be from Toys “R” Us. The messages may be fraudulent, the company said.
He also advised shoppers not to click on links or download attachments from suspicious emails and said they should be wary of phishing and spoofing attempts.
54:36The value of your data and how to protect it
Phishing is when scammers impersonate trusted people or website login forms to trick victims into entering or revealing sensitive information such as passwords or credit card numbers.
Spoofing is when someone falsifies information to appear trustworthy. — for example, Toys “R” Us Canada reports that the spoofed sender's email address may contain an additional character or letter that is different from the genuine business email address.
Cybersecurity issues were reported at Canadian Tire Corp. this month. Ltd. Last year, hacking also affected Nova Scotia Power, the College of New Caledonia in Prince George, British Columbia, and PowerSchool, a maker of educational software used in many schools.
Data from Statistics Canada shows the number of police-reported cybercrimes in the country reached 92,567 last year, up from 65,141 in 2020. Fraud alone accounted for 46,301 of these crimes, while identity theft accounted for 957 and identity fraud 4,283.
:quality(85):upscale()/2025/10/22/797/n/49351082/847a4e5f68f91d9c0ebb41.92551118_.png?w=150&resize=150,150&ssl=1 "Why I Went on a Fitmoon 6.5 Months Pregnant")
