JCPenney
- Place a fraud alert or credit freeze with the major credit bureaus to block new accounts opened in your name.
- Expect more phishing and spam at this address. Treat messages that reference this company with extra caution.
- Watch for text-message phishing and SIM-swap attempts on your phone number.
- Be wary of targeted scams that use your personal details to sound convincing.
What is the JCPenney data breach?
In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later...
When did the data breach happen?
This data breach occurred around June 2026.
How many accounts were affected?
Around 368,418 accounts were affected.
What information was exposed?
Exposed data included Dates of birth, Email addresses, Government issued IDs, Job titles, Names, Phone numbers, Physical addresses and Usernames.
What should I do if I was affected?
Place a fraud alert or credit freeze with the major credit bureaus to block new accounts opened in your name. Expect more phishing and spam at this address. Treat messages that reference this company with extra caution. Watch for text-message phishing and SIM-swap attempts on your phone number. Be wary of targeted scams that use your personal details to sound convincing.