Public breach reports where addresses were listed among exposed data types.
Madison Square Garden Sports had data on nearly 10 million accounts exposed after the ShinyHunters group carried out a pay-or-leak extortion campaign and published the stolen data online.
JCPenney suffered a data breach in June 2026 when ShinyHunters exploited a zero-day vulnerability in Oracle PeopleSoft, exposing personal and HR data for approximately 368,000 current and former employees.
Infinite Campus, a student information system, had data on approximately 137,000 accounts stolen and published by the ShinyHunters group in March 2026 following an extortion campaign.
Baker Distributing Company had data on approximately 103,000 accounts exposed after the ShinyHunters extortion group published information allegedly taken from the company's SharePoint and Salesforce systems in May 2026.
BCD Travel, a corporate travel management company, had data on approximately 396,000 individuals exposed after ShinyHunters claimed the company as a victim of an extortion campaign and published the data publicly in early June 2026.
DentaQuest, a dental benefits administrator, had data on approximately 2.6 million individuals publicly leaked by the ShinyHunters group following an extortion campaign in May 2026.
Charter Communications had data on approximately 4.9 million accounts exposed after the ShinyHunters group threatened extortion and subsequently published the stolen data.
Kemper Corporation had data on approximately 269,000 individuals exposed after the ShinyHunters ransomware group accessed its Salesforce environment via social engineering and published the stolen data in an extortion campaign.
7-Eleven suffered a data breach in April 2026 when the ShinyHunters group conducted an extortion campaign and later published data on approximately 185,000 individuals.
Abrigo, a fintech software company, had data from its Salesforce instance published by the ShinyHunters group in April 2026, exposing business contact information for over 711,000 individuals.
Canada Life suffered a data breach in April 2026 when the ShinyHunters group stole and published data on over 237,000 customers, including names, email addresses, phone numbers, physical addresses, and support tickets.
Woflow, an AI-driven merchant data platform, had data on approximately 447,593 accounts exposed after the ShinyHunters extortion group published files allegedly stolen from the company in March 2026.
Marcus & Millichap, a commercial real estate brokerage, had data on approximately 1.8 million individuals exposed after being named as an alleged victim of the ShinyHunters hacking group in April 2026.