Goodszilla Allegedly Hit by Data Breach Affecting 114K Customer Records

A threat actor claims to have leaked approximately 114,000 records allegedly belonging to Canadian fintech platform Goodszilla, though the authenticity of the data remains unverified.
Redacted screenshot of a cybercrime forum post claiming a breach of Canadian fintech platform Goodszilla. The post advertises an alleged database containing 114,000 records and displays a blurred sample of customer data fields.
A threat actor claims to have leaked a database allegedly belonging to Goodszilla containing approximately 114,000 records. The forum post describes the dataset as including customer names, email addresses, provinces, and countries, while the visible sample has been redacted by BreachNews to remove personal information.

A threat actor has claimed to possess a database allegedly belonging to Canadian fintech company Goodszilla, advertising what they describe as 114,000 customer records on a cybercrime forum.

Goodszilla is a Toronto-based fintech platform that enables online and in-store retailers to integrate charitable donations directly into the checkout process. The company works with merchants to facilitate customer donations to nonprofit organizations as part of the payment experience.

Customer database allegedly offered for download

According to the forum post, the leaked database contains approximately 114,000 records. The threat actor describes the data as originating from goodszilla.ca and shared a small sample intended to support the claim.

The sample indicates the alleged dataset contains customer names, email addresses, province, country, and internal record identifiers. No payment card information, passwords, or financial account details were claimed in the listing.

Limited details provided about the alleged breach

The threat actor did not disclose how the database was allegedly obtained or whether the information originated from a recent intrusion, an older compromise, or another source. No technical details, proof of access, or timeline accompanied the listing.

Even when datasets contain only contact information, they can still present security risks. Names and email addresses may be used in targeted phishing campaigns, credential stuffing attacks when combined with information from other breaches, or broader identity profiling efforts.

Canadian organizations targeted

The alleged Goodszilla leak follows several recent claims involving Canadian organizations. Earlier this month, BreachNews reported on the alleged theft of 6 million appointment records from Canadian software provider Yocale, highlighting continued interest in targeting organizations that process large volumes of customer information.

Goodszilla had not issued any public statement regarding the alleged incident at the time of publication.

Picture of m00s3c

m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.

Latest News

BREACHNEWS.COM/SUPPORT/

Support Independent News.

Help support breach monitoring, investigations, infrastructure, and reporting.

Support the site
INTEL.BREACHNEWS.COM

Live Cyber
Threat Map

Explore live cyber activity, recent breach reports, KEV alerts, and public threat feeds from a single interactive dashboard.

Launch Threat Map