Public breach reports where physical addresses were listed among exposed data types.
In May 2026, real estate services firm Cushman & Wakefield had data on approximately 310,000 accounts exposed after the ShinyHunters group carried out an extortion campaign and published stolen corporate contact records.
Aman, an ultra-luxury hotel brand, suffered a data breach in April 2026 when ShinyHunters obtained customer records from their Salesforce CRM and later leaked them publicly.
Udemy suffered a data breach affecting 1.4 million accounts, with customer and instructor information including email addresses, names, addresses, phone numbers, and payment methods exposed.
SUCCESS, a personal development media brand, suffered a data breach in March 2026 exposing approximately 253,510 accounts with names, email addresses, phone numbers, and other personal information.
Pitney Bowes suffered a data breach in April 2026 affecting approximately 8.2 million individuals, with ShinyHunters claiming responsibility and publicly releasing the stolen data.
McGraw Hill confirmed a data breach in April 2026 affecting 13.5 million accounts, exposing email addresses, names, phone numbers, and physical addresses due to a Salesforce misconfiguration.
Hallmark suffered a breach in March 2026 after attackers accessed data stored in Salesforce, exposing approximately 1.7 million customer records.
Aura disclosed a data breach in March 2026 affecting over 900,000 customer records, primarily from a marketing tool associated with a previously acquired company.
Amtrak suffered a data breach in April 2026 affecting over 2.1 million accounts, with the hacking group ShinyHunters claiming responsibility and later publishing the stolen data.
ADT confirmed a data breach affecting 5.5 million customers in April 2026, with ShinyHunters claiming responsibility and threatening to leak the data.