Recent Data Leaks
Live
← Back to timeline

Data breaches in 2026

66 tracked incidents from 2026

Today
NewsSecurityWeek8h ago

Aflac Japan Data Breach Impacts 4.38 Million

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25. The post Aflac Japan Data Breach Impacts 4.38 Million appeared first on SecurityWeek .

NewsSecurityWeek11h ago

Nissan Employee Data Breached in Oracle PeopleSoft Hack

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed. The post Nissan Employee Data Breached in Oracle PeopleSoft Hack appeared first on SecurityWeek .

Sunday, June 28, 2026
BreachHave I Been Pwned2d ago

Sysco

In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign . Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely...

2,691,852 accounts affectedOccurred 2026
Friday, June 26, 2026
BreachHave I Been Pwned4d ago

American Tower

In June 2026, telecommunications tower infrastructure company American Tower was the target of a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data allegedly taken from the company containing more than 200k unique email...

216,601 accounts affectedOccurred 2026
Wednesday, June 24, 2026
BreachHave I Been Pwned6d ago

Madison Square Garden Sports

In June 2026, the sports and entertainment company Madison Square Garden Sports was the target of a ShinyHunters "pay or leak" extortion campaign . The group later published the alleged data, which included almost 10M unique email addresses spanning staff and...

9,796,738 accounts affectedOccurred 2026
Saturday, June 20, 2026
BreachHave I Been Pwned10d ago

JCPenney

In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later...

368,418 accounts affectedOccurred 2026
Thursday, June 18, 2026
BreachHave I Been Pwned11d ago

Ralph Lauren

In June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign . The group subsequently published hundreds of gigabytes of data they claimed was obtained from the organisation's Salesforce instance, including 140k...

139,903 accounts affectedOccurred 2026
BreachHave I Been Pwned12d ago

Operation Endgame 4.0

On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation , a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies with...

4,160,519 accounts affectedOccurred 2026
BreachHave I Been Pwned12d ago

CFGI

In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign . The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k...

248,235 accounts affectedOccurred 2026
Monday, June 15, 2026
BreachHave I Been Pwned15d ago

June 2026 Stealer Logs

In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been...

56,278,397 accounts affectedOccurred 2026
BreachHave I Been Pwned15d ago

Berkadia

In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique...

305,216 accounts affectedOccurred 2026
BreachHave I Been Pwned15d ago

Infinite Campus

In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along...

137,123 accounts affectedOccurred 2026
Wednesday, June 10, 2026
BreachHave I Been Pwned19d ago

University of Nottingham

In June 2026, the University of Nottingham was the target of a cyber attack , later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with...

454,635 accounts affectedOccurred 2026
Sunday, June 7, 2026
BreachHave I Been Pwned23d ago

Baker Distributing

In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site . In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and...

102,935 accounts affectedOccurred 2026
Friday, June 5, 2026
BreachHave I Been Pwned25d ago

BCD Travel

In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email...

396,313 accounts affectedOccurred 2026
Wednesday, June 3, 2026
BreachHave I Been Pwned26d ago

DentaQuest

In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included...

2,553,599 accounts affectedOccurred 2026
Monday, June 1, 2026
BreachHave I Been Pwned29d ago

Edmunds

In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached . Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses,...

177,860 accounts affectedOccurred 2026
Saturday, May 30, 2026
BreachHave I Been PwnedMay 30, 2026

Atlas Menu

In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses...

63,926 accounts affectedOccurred 2026
Thursday, May 28, 2026
BreachHave I Been PwnedMay 28, 2026

Charter

In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign . The group later published the data,...

4,851,517 accounts affectedOccurred 2026
BreachHave I Been PwnedMay 28, 2026

Kemper

In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign . The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of...

269,299 accounts affectedOccurred 2026
Wednesday, May 27, 2026
BreachHave I Been PwnedMay 27, 2026

Mytheresa

In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group . After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The...

84,108 accounts affectedOccurred 2026
Tuesday, May 26, 2026
BreachHave I Been PwnedMay 26, 2026

Ameriprise

In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign . The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment...

502,597 accounts affectedOccurred 2026
Sunday, May 24, 2026
BreachHave I Been PwnedMay 24, 2026

7-Eleven

In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters , with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers....

185,256 accounts affectedOccurred 2026
Friday, May 22, 2026
NewsKrebs on SecurityMay 22, 2026

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other...

Tuesday, May 19, 2026
BreachHave I Been PwnedMay 19, 2026

CTT

In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum . The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve...

468,124 accounts affectedOccurred 2026
Monday, May 18, 2026
BreachHave I Been PwnedMay 18, 2026

Addi

In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters...

34,532,941 accounts affectedOccurred 2026
Thursday, May 14, 2026
BreachHave I Been PwnedMay 14, 2026

Abrigo

In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group . Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique...

711,099 accounts affectedOccurred 2026
Wednesday, May 13, 2026
BreachHave I Been PwnedMay 13, 2026

Canada Life

In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group . The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in...

237,810 accounts affectedOccurred 2026
Tuesday, May 12, 2026
BreachHave I Been PwnedMay 12, 2026

Cushman & Wakefield

In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group . Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting...

310,431 accounts affectedOccurred 2026
Friday, May 8, 2026
BreachHave I Been PwnedMay 8, 2026

Zara

In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and...

197,376 accounts affectedOccurred 2026
Thursday, May 7, 2026
BreachHave I Been PwnedMay 7, 2026

Woflow

In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group . The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The...

447,593 accounts affectedOccurred 2026
Wednesday, May 6, 2026
BreachHave I Been PwnedMay 6, 2026

LegionProxy

In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach . The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.

10,144 accounts affectedOccurred 2026
Tuesday, May 5, 2026
BreachHave I Been PwnedMay 5, 2026

Vimeo

In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign . They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata....

119,167 accounts affectedOccurred 2026
Monday, May 4, 2026
BreachHave I Been PwnedMay 4, 2026

Reborn Gaming

In April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM) . The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to...

126 accounts affectedOccurred 2026
Sunday, May 3, 2026
BreachHave I Been PwnedMay 3, 2026

Marcus & Millichap

In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group . Data alleged to have been obtained from the company was subsequently released publicly...

1,837,078 accounts affectedOccurred 2026
Saturday, May 2, 2026
BreachHave I Been PwnedMay 2, 2026

ZenBusiness

In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness , a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including...

5,118,184 accounts affectedOccurred 2026
Friday, May 1, 2026
BreachHave I Been PwnedMay 1, 2026

Aman

In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign , with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k...

215,563 accounts affectedOccurred 2026
Monday, April 27, 2026
BreachHave I Been PwnedApril 27, 2026

Pitney Bowes

In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data...

8,243,989 accounts affectedOccurred 2026
BreachHave I Been PwnedApril 27, 2026

ADT

In April 2026, home security firm ADT confirmed a data breach by ShinyHunters , which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical...

5,488,888 accounts affectedOccurred 2026
Sunday, April 26, 2026
BreachHave I Been PwnedApril 26, 2026

Udemy

In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors....

1,401,259 accounts affectedOccurred 2026
Friday, April 24, 2026
BreachHave I Been PwnedApril 24, 2026

Carnival

In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week,...

7,531,359 accounts affectedOccurred 2026
Friday, April 17, 2026
BreachHave I Been PwnedApril 17, 2026

Amtrak

In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak . The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the...

2,147,679 accounts affectedOccurred 2026
Thursday, April 16, 2026
BreachHave I Been PwnedApril 16, 2026

McGraw Hill

In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt . Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its...

13,500,136 accounts affectedOccurred 2026
Sunday, April 12, 2026
BreachHave I Been PwnedApril 12, 2026

Hallmark

In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both...

1,736,520 accounts affectedOccurred 2026
Wednesday, April 8, 2026
BreachHave I Been PwnedApril 8, 2026

My Lovely AI

In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users . The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.

106,271 accounts affectedOccurred 2026
Saturday, April 4, 2026
BreachHave I Been PwnedApril 4, 2026

Crunchyroll

In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users . The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address,...

1,195,684 accounts affectedOccurred 2026
BreachHave I Been PwnedApril 4, 2026

SongTrivia2

In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum . The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on...

291,739 accounts affectedOccurred 2026
Wednesday, April 1, 2026
BreachHave I Been PwnedApril 1, 2026

SUCCESS

In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach . The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password...

253,510 accounts affectedOccurred 2026
Friday, March 27, 2026
BreachHave I Been PwnedMarch 27, 2026

BreachForums Version 5

In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed . The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.

339,778 accounts affectedOccurred 2026
Thursday, March 26, 2026
BreachHave I Been PwnedMarch 26, 2026

Sound Radix

In March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP . The incident impacted 293k unique email addresses and names. Sound Radix advised that it is possible that additional data...

292,993 accounts affectedOccurred 2026
Wednesday, March 18, 2026
BreachHave I Been PwnedMarch 18, 2026

Aura

In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses . The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected....

903,080 accounts affectedOccurred 2026
Sunday, March 15, 2026
BreachHave I Been PwnedMarch 15, 2026

Divine Skins

In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach . The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all...

105,814 accounts affectedOccurred 2026
BreachHave I Been PwnedMarch 15, 2026

Baydöner

In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum . The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext...

1,266,822 accounts affectedOccurred 2026
Tuesday, March 3, 2026
BreachHave I Been PwnedMarch 3, 2026

Provecho

In early 2026, data purportedly sourced from the recipe and meal planning service Provecho was alleged to have been obtained in a breach. The exposed data included 713k unique email address along with username and the creator account holders followed....

712,904 accounts affectedOccurred 2026
Monday, March 2, 2026
BreachHave I Been PwnedMarch 2, 2026

Lovora

In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users’ display names and profile photos, along with other personal information collected through use of...

495,556 accounts affectedOccurred 2026
BreachHave I Been PwnedMarch 2, 2026

Quitbro

In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users’ years of birth, responses to questions within the app and their last recorded relapse time. The app’s...

22,874 accounts affectedOccurred 2026
BreachHave I Been PwnedMarch 2, 2026

KomikoAI

In February, the AI-powered comic generation platform KomikoAI suffered a data breach . The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual...

1,060,191 accounts affectedOccurred 2026
Thursday, February 26, 2026
BreachHave I Been PwnedFebruary 26, 2026

Odido

In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt . Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days. The exposed data includes...

6,077,025 accounts affectedOccurred 2026
Sunday, February 22, 2026
BreachHave I Been PwnedFebruary 22, 2026

CarGurus

In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters . Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple...

12,461,887 accounts affectedOccurred 2026
Friday, February 20, 2026
BreachHave I Been PwnedFebruary 20, 2026

CarMax

In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt . The data included 431k unique email addresses along with names, phone numbers and physical addresses.

431,371 accounts affectedOccurred 2026
Wednesday, February 18, 2026
BreachHave I Been PwnedFebruary 18, 2026

Figure

In February 2026, data obtained from the fintech lending platform Figure was publicly posted online . The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of...

967,178 accounts affectedOccurred 2026
Tuesday, February 10, 2026
BreachHave I Been PwnedFebruary 10, 2026

Toy Battles

In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.

1,017 accounts affectedOccurred 2026
BreachHave I Been PwnedFebruary 10, 2026

Association Nationale des Premiers Secours

In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum . The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth. ANPS...

5,600 accounts affectedOccurred 2026
Thursday, February 5, 2026
BreachHave I Been PwnedFebruary 5, 2026

Betterment

In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack . As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns...

1,435,174 accounts affectedOccurred 2026
Saturday, January 31, 2026
BreachHave I Been PwnedJanuary 31, 2026

Panera Bread

In January 2026, Panera Bread suffered a data breach that exposed 14M records . After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names,...

5,112,502 accounts affectedOccurred 2026
Sunday, January 11, 2026
BreachHave I Been PwnedJanuary 11, 2026

Instagram

In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum . The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these...

6,215,150 accounts affectedOccurred 2026