Toys "R" Us Canada has informed customers about a data breach that may have compromised their personal information. The company reported the incident, which occurred during the summer, in an email sent to affected customers. According to the email, Toys "R" Us became aware of the breach on July 30, 2025, when it was discovered that information allegedly stolen from the company's databases had been posted on the deep web.
The breach may have exposed customers' names, addresses, email addresses, and phone numbers. However, Toys "R" Us emphasized that no passwords, credit card information, or other sensitive data were involved in the incident. The company engaged a third-party cybersecurity team to investigate and contain the breach. This team confirmed that unauthorized individuals had copied certain records from the customer database.
In its communication, Toys "R" Us stated, "We are not aware of any evidence that suggests any of this information has been misused for fraudulent purposes." The company is taking steps to enhance its IT systems and has reported the matter to the appropriate authorities. Toys "R" Us noted that it already had strong protections in place but is implementing additional security measures based on recommendations from cybersecurity experts.
The rise in cybersecurity incidents has raised concerns across various sectors, affecting individuals, businesses, and government entities. A recent report from the federal auditor general highlighted significant gaps in the government's cybersecurity systems and monitoring efforts. Other Canadian companies, such as WestJet and Canadian Tire, have also reported similar breaches in recent months.
As of now, Toys "R" Us Canada has not disclosed how many customers may be affected by this breach or whether it is limited to Canadian customers. The company has not yet responded to inquiries regarding the timing of the notification to customers.