Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Toys"R"Us Canada

Toys"R"Us Canada Vendor Cyber Rating & Cyber Score

toysrus.ca

Since 1984, Toys“R”Us Canada – in concert with Babies“R”Us Canada and HMV Canada – has been synonymous with FUN. In-store and online, we’re the country’s dedicated specialty retailer of toys and baby products – 100% owned and operated by an independent, proudly Canadian company since 2018. We nurture the needs of Canadian families at every stage, from infant essentials to learning, play, and pop culture. Our toolbox includes a wide range of national brands, exclusive products, innovative programs, and unique partnerships. And because we’re Toys“R”Us, we’re always striving for that core memory-making in-store experience. It’s the goal that spurred us to create PlayLAB: an indoor playground and activity space for children and their


Toys"R"Us Canada A.I CyberSecurity Scoring

Toys"R"Us Canada
Company Information
Website:http://www.toysrus.ca
Employees number:369
Number of followers:40,247
NAICS:43
Industry Type:Retail
Homepage:toysrus.ca
Toys"R"Us Canada Risk Score (AI oriented)
Between 600 and 649
logo
Toys"R"Us CanadaRetail
Updated:
01/04/2026
611/1000
Poor
Caa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Toys"R"Us Canada Global Score (TPRM)
xxxx
logo
Toys"R"Us CanadaRetail
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Toys"R"Us Canada
Toys"R"Us CanadaPoor
Current Score
611Caa (POOR)
01000
3 incidents
-57 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
620Before Incident
JUNE 2026
619Before Incident
MAY 2026
615Before Incident
APRIL 2026
613Before Incident
MARCH 2026
609Before Incident
FEBRUARY 2026
608Before Incident
JANUARY 2026
605Before Incident
DECEMBER 2025
602Before Incident
NOVEMBER 2025
599Before Incident
OCTOBER 2025
653Before Incident
Breach
24 Oct 2025Toys"R"Us Canada
Toys "R" Us Canada

Toys "R" Us Canada Customer Data Leak

596After Incident
CRITICAL-57
TOY1092310102425
Hackers breached Toys "R" Us Canada’s systems and leaked a subset of customer records, exposing names, postal addresses, email addresses, and phone numbers. While no passwords, credit card details, or highly sensitive financial data were compromised, the leaked information poses significant risks for phishing, identity theft, and fraud. The company detected the breach after hackers posted about it on the dark web and responded by hiring a third-party cybersecurity firm for forensic analysis. Enhanced security measures were implemented to prevent future incidents, though the attack method and perpetrators remain unidentified. Authorities were notified, and affected customers were advised to remain vigilant against potential scams. There is currently no evidence of data misuse, but the exposure of valid personal details increases the likelihood of targeted social engineering attacks.
INCIDENT DETAILS -
TYPE
data breachunauthorized data accessdata leak
MOTIVATION
financial gaindata exploitationfraud
IMPACT
namespostal addressesemail addressesphone numbersBrand Reputation Impact: high (risk of phishing, identity theft, and loss of customer trust)Identity Theft Risk: highPayment Information Risk: none (no credit card details or passwords exposed)
DATA BREACH
personally identifiable information (PII)Number Of Records Exposed: subset (exact number undisclosed)Sensitivity Of Data: moderate (names, addresses, emails, phone numbers; no passwords or financial data)namespostal addressesemail addressesphone numbers
SEPTEMBER 2025
651Before Incident
AUGUST 2025
649Before Incident
JULY 2025
704Before Incident
Breach
30 Jul 2025Toys"R"Us Canada
Toys "R" Us Canada

Toys "R" Us Canada Data Breach

647After Incident
CRITICAL-57
TOY4892948102325
Toys "R" Us Canada disclosed a data breach where an unauthorized third party copied customer records, including names, addresses, emails, and phone numbers, from its databases. The stolen data was posted on the unindexed internet (potentially the dark web), though no passwords, credit card details, or evidence of misuse were reported. The breach was discovered on July 30, but customer notifications were delayed. The company hired cybersecurity experts to confirm the incident, engaged legal counsel, and is reporting the breach to privacy regulators. While no financial or highly sensitive data was compromised, the exposure of personal information raises risks of phishing, spoofing, and fraudulent schemes targeting affected customers. The company advised vigilance against suspicious communications and committed to enhancing security measures to prevent future incidents.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
namesaddressesemailsphone numbersBrand Reputation Impact: Potential reputational harm due to customer notification and public disclosureLegal Liabilities: Potential regulatory fines or actions (reporting to privacy regulators)Identity Theft Risk: Low (no sensitive data like passwords or credit card details compromised)Payment Information Risk: None (no credit card details involved)
DATA BREACH
namesaddressesemailsphone numbersSensitivity Of Data: Low (no financial or highly sensitive personal data)
MAY 2025
772Before Incident
Breach
01 May 2025Toys"R"Us Canada
Toys "R" Us Canada

Toys "R" Us Canada Data Breach Exposes Customer Information on Dark Web

701After Incident
CRITICAL-71
TOY2192021102525
Toys "R" Us Canada suffered a data breach in July, where threat actors accessed and leaked customer information on the dark web. The exposed data included names, email addresses, physical addresses, and phone numbers—though no financial details (e.g., credit cards or passwords) were compromised. The breach heightened risks of identity theft and phishing scams targeting affected shoppers. The company promptly notified customers, aligning with regulatory requirements like Canada’s PIPEDA. While the intrusion method remains speculative, reports suggest potential ties to broader campaigns exploiting software vulnerabilities, such as OAuth token abuse via integrations like Salesloft’s Drift or CL0P’s targeting of Oracle E-Business Suite systems. The incident underscores challenges in securing legacy systems amid digital transformation, with experts emphasizing the need for data minimization and robust threat detection. Customers were advised to monitor for suspicious activity and enhance security measures like two-factor authentication. The breach has sparked industry discussions on zero-trust architectures and third-party vendor risks, while regulators may impose fines if negligence is confirmed.
INCIDENT DETAILS -
TYPE
data breachunauthorized accessdata leak
MOTIVATION
financial gain (data monetization on dark web)potential extortion
IMPACT
namesemail addressesphysical addressesphone numbersBrand Reputation Impact: moderate (proactive disclosure mitigated damage, but risk of phishing/social engineering persists)Legal Liabilities: potential fines under PIPEDA (Canada’s privacy law)Identity Theft Risk: high (exposed PII enables phishing/social engineering)Payment Information Risk: none (no financial data compromised)
DATA BREACH
personally identifiable information (PII)Sensitivity Of Data: moderate (no financial/password data, but high phishing risk)Data Exfiltration: yes (leaked on dark web)namesemail addressesphysical addressesphone numbers

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Toys"R"Us Canada ?
?
What was Toys"R"Us Canada's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Toys"R"Us Canada's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Toys"R"Us Canada's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Toys"R"Us Canada's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Toys"R"Us Canada's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Toys"R"Us Canada's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Toys"R"Us Canada's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Toys"R"Us Canada's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Toys"R"Us Canada's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Toys"R"Us Canada's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Toys"R"Us Canada's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Toys"R"Us Canada's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Toys"R"Us Canada ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Toys"R"Us Canada's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?