The Goose Creek data breach exposed 6,574,121 records including Email addresses, Names, Phone numbers, Physical addresses, Purchases. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.
What Happened
In June 2026, a party claiming to have access to data from Goose Creek Candle Company sent emails to a number of the company's customers, claiming the company had a security vulnerability and suffered a data breach. The data was subsequently sent to Have I Been Pwned and contained 6.6M unique email addresses along with names, phone numbers, physical addresses, order IDs and total spent. The data appears to have been obtained from the company's Shopify instance. Goose Creek is aware of the reports but was unable to provide Have I Been Pwned with any further information at the time of publication.
- Breach date
- 2026-06-09
- Records affected
- 6,574,121
- Verified
- Yes
- Domain
- goosecreek.com
What Was Exposed
The following data types were included in the breach:
- Email addresses
- Names
- Phone numbers
- Physical addresses
- Purchases
What You Should Do
If you had an account with Goose Creek, take these steps immediately:
- Check if your account was affected at HaveIBeenPwned.com
- Watch for phishing emails that reference the breach or impersonate the affected company
- Be alert for social engineering attempts using your exposed personal information
- Enable two-factor authentication on the affected service if available
- Consider using a password manager to generate unique passwords for each service
FAQ
Was my data in the Goose Creek breach?
What should I do if my data was exposed in the Goose Creek breach?
When did the Goose Creek data breach happen?
Need Incident Response?
Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.
Get Incident Response Help