Canada Computers says a cybersecurity incident affecting its online retail platform may have exposed personal and payment information belonging to some customers who completed purchases through the website’s guest checkout system. The company has stated that the issue was limited to specific online transactions and did not affect purchases made in physical stores or orders placed while signed in to a Canada Computers member account.
Who may be affected?
According to Canada Computers, the incident primarily affects customers who placed online orders using the guest checkout option during the identified period between late December 2025 and late January 2026. Customers who logged into an existing account before completing a purchase are not included in the affected group based on the company’s current findings.
Key facts
- The incident involves the company’s online retail website.
- Guest checkout customers are the primary group identified by the company.
- In-store purchases are not part of the reported breach.
- Member account purchases are not believed to have been affected.
- Affected customers are being offered complimentary credit monitoring and identity protection services.
What information could have been exposed?
Canada Computers has indicated that information entered during guest checkout may have been accessed by an unauthorized party. Depending on an individual order, this could include a customer’s name, email address, telephone number, billing address, order information and payment card details entered during checkout.
The company has not publicly stated that every affected customer had the same information exposed. As with many retail cybersecurity investigations, the exact data involved can vary from one transaction to another while forensic specialists continue reviewing system activity.
Why guest checkout became the focus
Guest checkout is designed to let customers complete purchases without creating an account, making online shopping quicker. However, it also creates a separate payment workflow where personal and payment information is collected in a single transaction.
Cybersecurity experts have long warned that checkout pages remain attractive targets because they process valuable payment data in real time. In some incidents involving online retailers worldwide, attackers have inserted malicious code—commonly known as web-skimming or Magecart-style attacks—to capture information entered into payment forms before it reaches the retailer’s systems.
Canada Computers has not publicly attributed the incident to a specific attack method, and the investigation remains ongoing.
Timeline of the incident
The company says the affected purchases were made during a period stretching from late December 2025 through late January 2026. Canada Computers has stated it became aware of unauthorized activity on January 22 and subsequently launched an investigation with cybersecurity specialists.
If you placed an order during the affected period
- Review the date of your purchase.
- Confirm whether you used guest checkout instead of signing into an account.
- Monitor payment card statements for unfamiliar transactions.
- Take advantage of any credit monitoring services offered by the company.
- Remain cautious of emails, phone calls or text messages requesting financial information.
What the breach means for consumers
A compromised payment card does not automatically result in fraud, but financial institutions often recommend monitoring accounts closely after any confirmed retail breach. Criminals sometimes begin with small authorization attempts before making larger purchases if a payment card remains active.
Another risk comes from phishing campaigns. If contact information was exposed, scammers may send convincing emails or text messages that appear to reference genuine purchases in an attempt to collect passwords or additional financial details.
Canada’s federal privacy framework requires organizations to assess whether a breach creates a real risk of significant harm and notify affected individuals when appropriate. Customers should rely on official communications from the retailer and their financial institution when deciding whether to replace payment cards or take further protective measures.
Investigation continues
Canada Computers says it continues to investigate the incident with cybersecurity experts while working to identify everyone affected. The retailer has offered complimentary credit monitoring and identity protection services to eligible customers and says it is contacting impacted individuals directly.
Recent retail breaches have shown that payment pages remain one of the most frequently targeted parts of online shopping platforms. While retailers continue strengthening security controls, consumers can reduce risk by reviewing account activity regularly, enabling transaction alerts from their bank and responding promptly to official breach notifications.
For additional consumer technology and cybersecurity news, visit the latest technology coverage.
Canada Computers’ public notice and continuing updates are available through the company’s official communications. Additional reporting on the incident has been published by Canadian Underwriter.














