Alleged data breach at North Pole Company Canada: 500,000 users could be affected

Half a million people—that’s the scale of an alleged data breach affecting North Pole Company Canada, an e-commerce platform, according to unconfirmed reports.

The first mention of the alleged breach was made on Sunday, January 19, 2025.

Sensitive information, including names, phone numbers, and addresses, may have been exposed to scammers, fraudsters, and other bad actors.

If confirmed, this would rank among the largest data breaches in Canada from 2024 and looks to be the biggest in terms of the number of people affected in 2025 so far.

Breach details

A user named FutureSeeker posted on January 19, 2025, on a site called Breach Forums, sharing a sample and link to user records from the alleged data breach.

The affected data reportedly includes:

• Name
• Surname
• Complete home address
• Phone number
• Email address.

While the data set may not seem extensive compared to other breaches, it may contain personal information that could be exploited in social engineering attacks like those involving phishing, smishing, and scam calls.

Such information, in the wrong hands, can lead to even more severe consequences, including identity theft.

About North Pole Company Canada

North Pole Company Canada is an e-commerce platform specializing in Christmas gift products for Canadian customers. It is part of the North Pole Company, which operates in the US.

The company offers curated gift baskets with items like coffee, tea, cookies, and chocolates.

What to do if you’re affected

If you suspect you or someone you know has been affected by this potential breach, consider taking these steps to minimize potential harm:

• Update your passwords: Although no passwords have been reported as being breached, it’s wise to change your passwords nonetheless. If you used the same password on other sites, update those as well, replacing them with strong, unique ones: one password per site.
• Be vigilant when it comes to scams: With your contact information potentially exposed, be cautious of social engineering attempts via email, phone, and text messages.

For more instructions, visit our guide.

This alleged breach highlights the critical importance of proactive threat exposure management. Even seemingly ‘basic’ personal information, like names and addresses, can be exploited in targeted social engineering attacks. Organizations should focus on real-time threat intelligence, clear response strategies, and empowering users with practical advice to reduce the risks and fallout from breaches like this.

Vakaris Noreika, Head of Product @ NordStellar

Stay informed

This incident remains unconfirmed, and North Pole Company Canada has not yet issued an official statement.

We will update this article with any new developments to keep you informed.