CFGI, a financial consulting and advisory firm, had data on approximately 248,000 individuals exposed after the ShinyHunters group conducted an extortion campaign and subsequently published corporate contact information.
What happened
According to Have I Been Pwned, in March 2026 the financial consulting and advisory firm CFGI was targeted by the ShinyHunters group in a "pay-or-leak" extortion campaign. When the demand was not met, the group publicly released data allegedly taken from CFGI.
What was exposed
Reported by HIBP, the leaked data consisted of corporate contact information, including names, email addresses, phone numbers, physical addresses, employers, and job titles. Around 243,000 unique email addresses were included in the dataset.
Who is affected
Approximately 248,235 individuals are listed as affected. Based on the nature of the exposed data — corporate contact details — those affected appear to be primarily business professionals and contacts associated with CFGI.
What to do now
If you believe your information may have been included, be alert to phishing emails and unsolicited calls, as your name, employer, and contact details may be in the hands of malicious actors. Consider using a unique email address for professional contacts going forward. Monitor your accounts for any suspicious activity and be cautious of targeted social engineering attempts.