Security researchers and users posted archived evidence that a malicious web skimmer was active on CanadaComputers.com checkout pages, dating to Dec 31, 2025, and customers have reported subsequent fraudulent card charges. Community documentation suggests a classic form‑jacking compromise that may have exposed card numbers, CVVs, and billing details for shoppers during the affected window.

Community security researchers and affected customers documented what appears to be a Magecart-style web skimmer on CanadaComputers.com checkout pages, with archived snapshots indicating the compromise around Dec 31, 2025. Users on a public forum provided screenshots, code snippets, and timelines showing a malicious script injected into the checkout flow, potentially capturing payment card numbers, CVVs, cardholder names, and billing addresses. Multiple shoppers reported unauthorized card transactions linked to purchases placed during the suspected compromise window, and forum participants urged the retailer to notify customers and work with banks to issue replacement cards. The pattern matches known form-jacking attacks where threat actors replace or append payment form handlers with exfiltration logic that sends captured data to attacker-controlled servers. Security volunteers recommended immediate remediation steps including scanning for injected scripts, rolling API keys, implementing integrity checks for payment pages, and engaging forensic specialists. Consumers were advised to monitor statements, dispute fraudulent charges promptly, and request card reissuance where appropriate.