In April 2026, Zara was targeted by the ShinyHunters extortion group, exposing approximately 197,000 unique email addresses along with purchase and support ticket data linked to a compromise of the Anodot analytics platform.
Crunchyroll suffered a data breach in March 2026 affecting approximately 1.2 million email addresses, with additional personal information exposed from the company's Zendesk support system.
Carnival Corporation suffered a data breach affecting 7.5 million records from its Holland America loyalty program after ShinyHunters claimed to obtain and later published the data.
Turkish restaurant chain Baydöner suffered a data breach in March 2026 exposing over 1.2 million customer records including names, email addresses, phone numbers, and plaintext passwords.