A threat actor has claimed to possess a database allegedly belonging to Canadian fintech company Goodszilla, advertising what they describe as 114,000 customer records on a cybercrime forum.
Goodszilla is a Toronto-based fintech platform that enables online and in-store retailers to integrate charitable donations directly into the checkout process. The company works with merchants to facilitate customer donations to nonprofit organizations as part of the payment experience.
Customer database allegedly offered for download
According to the forum post, the leaked database contains approximately 114,000 records. The threat actor describes the data as originating from goodszilla.ca and shared a small sample intended to support the claim.
The sample indicates the alleged dataset contains customer names, email addresses, province, country, and internal record identifiers. No payment card information, passwords, or financial account details were claimed in the listing.
Limited details provided about the alleged breach
The threat actor did not disclose how the database was allegedly obtained or whether the information originated from a recent intrusion, an older compromise, or another source. No technical details, proof of access, or timeline accompanied the listing.
Even when datasets contain only contact information, they can still present security risks. Names and email addresses may be used in targeted phishing campaigns, credential stuffing attacks when combined with information from other breaches, or broader identity profiling efforts.
Canadian organizations targeted
The alleged Goodszilla leak follows several recent claims involving Canadian organizations. Earlier this month, BreachNews reported on the alleged theft of 6 million appointment records from Canadian software provider Yocale, highlighting continued interest in targeting organizations that process large volumes of customer information.
Goodszilla had not issued any public statement regarding the alleged incident at the time of publication.












