Ralph Lauren had data on approximately 140,000 individuals exposed after the ShinyHunters group claimed to have extracted records from the company's Salesforce instance and published them as part of an extortion campaign.
What happened
According to Have I Been Pwned, in June 2026 the ShinyHunters hacking group targeted fashion retailer Ralph Lauren in a "pay or leak" extortion campaign. When the company did not meet their demands, the group published hundreds of gigabytes of data they claimed to have obtained from Ralph Lauren's Salesforce instance. The breach was reported by Cybernews.
What was exposed
According to HIBP, the published data included approximately 140,000 unique email addresses along with names, phone numbers, genders, and age groups. No financial, medical, or government identity data was reported as part of this exposure.
Who is affected
Around 139,903 individuals whose personal details were stored in Ralph Lauren's Salesforce environment are affected. These are likely customers or contacts who had previously interacted with the brand.
What to do now
If you have an account with Ralph Lauren, be alert to phishing emails or unsolicited calls that use your personal details. Consider updating your Ralph Lauren account password and enabling multi-factor authentication if available. Monitor your email for any suspicious activity, and be cautious of messages that appear to come from Ralph Lauren but ask for sensitive information.