Ransomware gang, Akira, has added prominent Canadian retailer, Ardene, to its data leak site and alleges to have stolen 58 GB of data.
This week, Ardene notified customers that a “cyber incident” had impacted its internal systems in January, causing shipping delays. In the email notification, Ardene stated that it wasn’t aware that any customer data had been compromised “at this time.”
In its post, Akira alleges that financial data (audit, payment details, and invoices), customer and employee information (passports, driver’s licenses, emails, and phone numbers), and confidential information had been stolen as part of its attack.
Ardene hasn’t confirmed Akira’s claims or whether or not a ransom has been demanded and/or paid. Its email statement was as follows:
“We sincerely apologize for recent shipping delays and temporary inconsistencies with Ardene Rewards and gift cards. Approximately two weeks ago, we identified and responded to a cyber incident impacting some internal systems. Immediate action was taken to contain the issue, secure the environment and implement precautionary measures. While our investigation into the incident is ongoing, we are not aware of any customer data being compromised at this time.”
Comparitech contacted Ardene for more information on the nature of this attack and was referred to its initial statement.
Who is Akira?
Akira was one of the most dominant ransomware strains of 2025, having first emerged in March 2023. It is thought to have connections to previous group, Conti, which was active between 2019 and 2022.
In 2025 alone, we tracked 769 attacks via Akira, 94 of which have been confirmed by the entity involved. So far this year, Akira has claimed 94 victims with four of these attacks having been confirmed. As well as Ardene, Akira has claimed the following:
- Zurflüh-Feller, France
- Travelmarket A/S, Denmark
- BUHLMANN North America LP, US
Attacks on organizations in Canada
So far this year, we’ve logged two confirmed attacks on Canadian organizations and are monitoring a further 58 unconfirmed attacks.
The other confirmed attack noted this year is on Lakelands Public Health. The public health organization suffered an attack in January 2026, which disrupted internal systems, including phone lines. Ransomware gang Lynx claimed this attack.
Over the years, a number of Canadian retailers have been hit with crippling ransomware attacks. One of the largest was an attack on London Drugs in April 2024. This was claimed by LockBit with a $25 million (USD) ransom, which the retail pharmacy chain refused to pay.
One of the largest known breaches following a ransomware attack was on luxury retailer Harry Rosen in October 2022. Here, 160,000 were impacted following BianLian’s attack.
Since we began tracking ransomware attacks in 2018, 25 Canadian retailers have confirmed an attack.
About Arden
Arden is headquartered in Laval, Canada, and originated as an accessories and jewelry retailer before expanding to cover apparel, footwear, and accessories. Today, it operates over 300 stores across Canada, the US, and worldwide.
