Toys "R" Us customer data swiped and leaked online - here's what we know

News
By published

Names, addresses, and more from Toys "R" Us customers stolen and leaked on the dark web

Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
(Image credit: Shutterstock)
  • Hackers leaked customer data from Toys "R" Us Canada, exposing names, emails, and phone numbers
  • Company hired cybersecurity experts, strengthened defenses, and notified affected customers and authorities
  • No passwords stolen, but phishing and identity theft risks remain high

Cybercriminals stole and leaked Toys "R" Us Canada’s customer information recently, putting numerous people at risk of phishing, identity theft, and other forms of fraud.

The company has begun notifying affected customers of the incident, and in a letter quickly shared on social media, the company said it had become aware of the breach after hackers posted about it on the dark web.

In response, Toys "R" Us hired a third-party cybersecurity company for forensic analysis and assessment, and determined that a “subset of customer records” was stolen.

Strengthening the security

The letter does not discuss how many people were affected, but it did say that the attackers made away with people’s names, postal addresses, email addresses, and phone numbers.

“We’d like to stress that no passwords, credit card details, or similar confidential data were involved in this incident,” the letter reads.

Further, the company said that it already had “strong protections” in place across its IT systems, but still strengthened it with a “number of enhanced security measures” to prevent future incursions.

There was no word on who the attackers were, or how they managed to break in. It was just said that so far there is no evidence the data was misused.

Valid names, emails, and phone numbers are valuable to cybercriminals who can use them for phishing, identity theft, and other scams, so it’s safe to say it’s only a matter of time before customers start getting emails spoofing Toys "R" Us or similar businesses.

The company said it is currently in the process of notifying relevant authorities, and urged customers to stay vigilant and not respond to unsolicited requests for information, never click on links or attachments from suspicious emails, and generally be wary of phishing and spoofing attempts.

So far, no threat actors claimed responsibility for this attack.

Via BleepingComputer

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.