Public breach reports where employers were listed among exposed data types.
CFGI, a financial consulting and advisory firm, had data on approximately 248,000 individuals exposed after the ShinyHunters group conducted an extortion campaign and subsequently published corporate contact information.
Infinite Campus, a student information system, had data on approximately 137,000 accounts stolen and published by the ShinyHunters group in March 2026 following an extortion campaign.
Berkadia, a commercial real estate finance company, had data from its Salesforce instance published by the ShinyHunters group in March 2026, exposing over 300,000 individuals' contact and employer information.
BCD Travel, a corporate travel management company, had data on approximately 396,000 individuals exposed after ShinyHunters claimed the company as a victim of an extortion campaign and published the data publicly in early June 2026.
Ameriprise Financial had data from approximately 500,000 accounts exposed after the ShinyHunters group exfiltrated over 200GB from its Salesforce and SharePoint systems and published it following failed extortion negotiations.
Abrigo, a fintech software company, had data from its Salesforce instance published by the ShinyHunters group in April 2026, exposing business contact information for over 711,000 individuals.
Marcus & Millichap, a commercial real estate brokerage, had data on approximately 1.8 million individuals exposed after being named as an alleged victim of the ShinyHunters hacking group in April 2026.
Udemy suffered a data breach affecting 1.4 million accounts, with customer and instructor information including email addresses, names, addresses, phone numbers, and payment methods exposed.