Some Toys “R” Us customers may have had their personal information compromised after the company says it became aware of a “cybersecurity incident” that happened during the summer.
Customers may have had their name, address, email and phone number exposed as part of the data breach, according to a statement from Toys “R” Us Canada which was emailed to affected customers.
Toys “R” Us, which is the banner name behind other store brands including Babies “R” Us and The HMV Shop, stresses that “no passwords, credit card details or similar confidential data,” was exposed in the incident.
The company says it became aware of the breach on July 30, 2025, and tasked a third-party cybersecurity team to help with containing and investigating the incident.
In its statement emailed to customers, Toys “R” Us says the cybersecurity team discovered that those who gained unauthorized access to its systems “copied certain records from our customer database which contains personal information.”
The company goes on to say: “We are not aware of any evidence that suggests any of this information has been misused for fraudulent purposes.”
Get breaking National news
For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.
Toys “R” Us says it plans to enhance its IT systems as well as report the matter to authorities.
“While we already have strong protections in place across our IT systems, in consultation with our third-party cybersecurity experts, we have implemented a number of enhanced security measures to prevent a similar incident occurring in future,” said Toys “R” Us in a statement.
“We are in the process of reporting this matter to the applicable privacy regulatory authorities and we have engaged specialized legal counsel to assist us in this process.”
Cybersecurity incidents are on the rise, and can affect individuals, companies, governments and institutions alike, especially if there are not sufficient systems to defend against breaches. These incidents can expose privacy data and make technical systems vulnerable to disruptions.
In a report released Tuesday, the federal auditor general found there were “significant gaps” in the government’s cybersecurity systems and monitoring efforts.
Canadian companies affected recently by cybersecurity incidents include WestJet and Canadian Tire.
Global News has sent a request for information to Toys “R” Us asking how many customers may be affected, if the incident has only affected Canadian customers and why they are notifying customers now. No response was received as of publishing.
© 2025 Global News, a division of Corus Entertainment Inc.
Toys ‘R’ Us says a data breach this summer hit customers’ personal data
