October 23,2025
RED FM News Desk
Toys “R” Us Canada has informed customers of a data breach that may have compromised personal information, the company said in an email sent Thursday morning.
According to the message, the retailer discovered on July 30 that someone had posted claims on the “unindexed Internet” about stealing data from the company’s databases. It’s unclear whether the company was referring to the deep web—which isn’t indexed by search engines—or the dark web, where illegal activity often occurs.
Toys “R” Us Canada has not yet explained why it took nearly three months to notify customers or responded to requests for comment. Federal privacy laws require organizations to inform individuals of a breach “as soon as feasible.”
After learning about the alleged data leak, the company said it hired cybersecurity experts who confirmed that certain records had been copied by an unauthorized third party.
The stolen data may include customer names, addresses, emails, and phone numbers, but no passwords, credit card details, or other sensitive financial information appear to have been affected. Toys “R” Us Canada also said it has found no evidence that the exposed information has been misused.
“We regret any inconvenience or concern this incident may cause,” the company wrote. “We are committed to improving our security and continuing to upgrade our systems to prevent future incidents.”
Toys “R” Us Canada said it has reported the breach to privacy regulators and engaged legal counsel to assist with the process.
The Office of the Privacy Commissioner of Canada confirmed that it is aware of the breach and has contacted the company for more information.
The retailer also warned customers to be cautious of phishing or spoofing attempts, advising them not to respond to unsolicited messages, click on suspicious links, or download attachments from unknown sources claiming to be from Toys “R” Us.
Loading ...
