Toys 'R' Us Canada says customers' personal info impacted in cyberattack
Toys “R” Us has informed customers in Canada of a cybersecurity incident that resulted in unauthorized access to personal information.
Toys “R” Us sent an email to customers in Canada, explaining that the toy company became aware of the incident on July 30, after an online post indicated that information had been stolen from its database.
One X user shared a screenshot of the email sent to customers, which states that the company immediately took action by hiring third-party cybersecurity experts to contain and investigate the incident.
ACHPF/Shutterstock
“The investigation found that a subset of our customer records was copied from our database,” stated the email. “These records may have contained all or some of the following personal information relating to you: name, address, email, and phone number.”
FYI – Toys R Us is reporting a “Cybersecurity Incident” they became aware of on July 30, 2025
“The investigation found that a subset of our customer records was copied from our database. These records may have contained all or some of the following personal information relating… pic.twitter.com/JfZIkHM7xG
— Lbabinz 🇨🇦 (@Lbabinz) October 23, 2025
Despite this, the company noted that it’s not aware of any evidence that customers’ information had been used for “fraudulent purposes.” It also stated that passwords, credit card details, or similar data were not part of the data breach.
In response to the incident, Toys “R” Us said that it implemented several enhanced security measures to prevent the possibility of a similar incident.
One customer criticized the company for taking too long to inform people.
“Took them three months to let customers know,” one X user stated.
According to the Justice Law Website, which is maintained by the Department of Justice, those affected must be informed as soon as a breach has been discovered.
“The notification shall be given as soon as feasible after the organization determines that the breach has occurred,” reads the site.
ACHPF/Shutterstock
The company is urging customers not to click on links or download attachments from suspicious sources. Customers are also advised not to respond to any emails or texts from individuals posing as Toys “R” Us and requesting personal information. Additionally, the company warns of potential spoofing or phishing attempts, where emails may appear to come from a trusted source.
According to its website, Toys “R” Us operates 54 stores across the country. Daily Hive has reached out to the company for more information.