Luxury winter coat manufacturer Canada Goose said recent claims of data stolen from the company are not related to any recent breach of its systems. 

On Saturday afternoon, the ShinyHunters cybercriminal organization claimed to have stolen more than 600,000 records from the company containing personal information. 

In a statement to Recorded Future News, a Canada Goose spokesperson said it is aware that “a historical dataset relating to past customer transactions has recently been published online.”

“At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released dataset to assess its accuracy and scope and will take any further steps as may be appropriate,” the spokesperson said. “To be clear, our review shows no evidence that unmasked financial data was involved.”

The Canada-based company is one of the largest manufacturers of outwear in the world and reported about $1.3 billion in earnings last fiscal year. 

The ShinyHunters organization has continued a long-running string of high-profile cyberattacks on prominent companies dating back to early 2025. 

After a relative lull in activity during the holiday season, the hackers claimed to have stolen millions of records from Harvard University and the University of Pennsylvania in early February. 

Harvard declined to comment on the theft but the University of Pennsylvania said it is in the process of analyzing the stolen data and notifying anyone impacted by the data breach, which several experts tied to recent cyberattacks involving both universities. 

Incident responders from Google said in January that it saw a recent expansion of ShinyHunter’s activity involving “sophisticated voice phishing (vishing) and victim-branded credential harvesting sites to gain initial access to corporate environments by obtaining single sign-on (SSO) credentials and multi-factor authentication (MFA) codes.”

“While this methodology of targeting identity providers and SaaS platforms is consistent with our prior observations of threat activity preceding ShinyHunters-branded extortion, the breadth of targeted cloud platforms continues to expand as these threat actors seek more sensitive data for extortion,” Google experts explained. 

“Further, they appear to be escalating their extortion tactics with recent incidents including harassment of victim personnel, among other tactics.”

Google responded to incidents in the middle of January where the hackers pretended to be IT staff and called employees of organizations claiming the company was updating its multifactor authentication settings — ordering them to enter their previous credentials into hacker-controlled sites made to look legitimate. 

The hackers used the login information to not only steal data but to take over internal email accounts and send phishing emails to cryptocurrency companies. 

Members of ShinyHunters were previously accused of launching hacking campaigns against various industries last summer before a spate of arrests slowed them down.