Cyber Incident

A data breach occurred in a specific e-commerce database that included customer accounts for Canadian Tire, SportChek, Mark’s/L’Équipeur and Party City. The breach was detected on October 2, 2025, and was resolved quickly.

The database contained basic personal details like name, address, email and year of birth. It also contained encrypted passwords and, in some cases, credit card numbers that are incomplete (similar to what appears on a store receipt). The password and credit card information cannot be used for account access, transactions or purchases. The database did not include Canadian Tire Bank information or Triangle Rewards loyalty data.

Yes. The vulnerability has been resolved, and the database has been secured. All of our websites and systems continue to be monitored closely by internal teams and external cybersecurity experts. There is no indication of any ongoing unauthorized activity.

No action is required. However, it is always good practice to use strong, unique passwords for each of your online accounts. Avoid re-using passwords and make sure to enable multi-factor authentication wherever possible.

We have carefully investigated this issue and have identified the individual account holders whose account record includes more detailed information. Customers whose records included more detailed personal information received an email from TransUnion on behalf of CTC if an email address was on file. In cases where we did not have a valid email, a notice was sent in the mail.

No. The data involved did not include full credit card numbers or CVVs (the security code on the back of your card). In some cases, account information included incomplete credit card numbers, similar to what appears on a store receipt. This cannot be used for account access, transactions or purchases.

If you did not receive an email from TransUnion Canada, on behalf of CTC, or did not receive a notice in the mail, there is no action required specific to this incident. As always, stay alert for any unusual activity. If you notice anything suspicious, contact your financial institution and report any fraud to police.

CTC has resolved the vulnerability and is working with external experts to enhance related protections. Cyberattacks are increasing globally, and while no organization is completely immune, CTC has invested significantly to maintain and enhance cybersecurity and protect customer data. Protecting your information and maintaining your trust remain top priorities.

CTC is working with TransUnion Canada to contact customers whose account record includes more detailed information. Customers have either received an email from creditmonitoring@notifications.cyberscout.com or a notice in the mail. If you receive a notice, please follow the directions outlined.

These FAQs will be updated if any information changes.