Ralph Lauren breach exposes customer data as ShinyHunters extends retail spree
Have I Been Pwned has added 139,903 accounts from a breach of fashion brand Ralph Lauren, which the extortion group ShinyHunters claimed as part of its sweeping 2026 campaign against retail and luxury names. ShinyHunters says it took around 220 GB of data, including customer personal information, purchase histories, and financial transaction details, along with unreleased product and strategy plans. The group typically breaks in not through a brand's core systems but via connected platforms like Salesforce or customer-service tools. Exposed purchase and contact data is prime material for convincing phishing and fraud aimed at the retailer's customers.
- Check
- Ralph Lauren customers should check Have I Been Pwned for their email, watch for phishing or fraudulent charges referencing orders or accounts, and review payment statements for unauthorized activity.
- Affected
- Ralph Lauren customers whose personal, purchase, and transaction data was exposed (139,903 accounts confirmed); the breach is part of a broader ShinyHunters wave hitting retail and luxury brands through connected platforms.
- Fix
- Reset and stop reusing any Ralph Lauren account passwords, enable MFA, stay alert to order- and refund-themed phishing, and consider monitoring payment cards used with the retailer for fraud.