Abrigo, a fintech software company, had data from its Salesforce instance published by the ShinyHunters group in April 2026, exposing business contact information for over 711,000 individuals.
What happened
According to Have I Been Pwned (HIBP), in April 2026 the ShinyHunters cybercriminal group targeted Abrigo in a "pay or leak" extortion attempt. After the demand, data allegedly taken from the company's Salesforce instance was published. The breach was disclosed on HIBP in May 2026.
HIBP notes this incident is separate from a prior Salesforce compromise Abrigo experienced through the Drift application connector, though the types of data exposed in both incidents are described as consistent with each other.
What was exposed
The published data contained over 700,000 unique email addresses along with other business contact details. According to HIBP, the exposed fields include names, email addresses, phone numbers, physical addresses, employers, and job titles. Abrigo described the data in the earlier related incident as "business contact information."
Who is affected
According to HIBP, the affected individuals include both Abrigo staff and external contacts, such as clients or partners, whose information was stored in the company's Salesforce system. Over 711,000 accounts are listed as affected.
What to do now
If you have ever interacted with Abrigo as a client, partner, or employee, your business contact details may have been exposed. Be alert to phishing emails or phone calls that use your name, employer, or job title to appear legitimate. Consider reviewing any accounts where you use the same email address and enabling multi-factor authentication where possible. Monitor for unsolicited contact that references your professional details.