HIBP confirms 248,000 accounts from ShinyHunters breach of advisory firm CFGI
Have I Been Pwned has added 248,235 accounts from the March breach of CFGI, a US accounting and financial-advisory firm that works closely with corporate finance teams at mid-market and Fortune 500 companies. The extortion group ShinyHunters claimed the intrusion, posting hundreds of thousands of records including names, emails, phone numbers, and home addresses, along with internal corporate documents and identity-system metadata. Because CFGI sits inside its clients' finance functions, the stolen contact and relationship data is unusually useful for convincing business email compromise and client-impersonation scams aimed at authorizing fraudulent payments.
- Check: If you work with or for CFGI, check Have I Been Pwned for your email and watch for finance-themed phishing, fake wire instructions, or audit-document requests referencing CFGI.
- Affected: CFGI employees, clients, and contacts whose personal and corporate data was exposed (248,235 accounts confirmed); the firm's finance-function clients face elevated business email compromise risk.
- Fix: Reset and stop reusing CFGI-related credentials, enable phishing-resistant MFA, and verify any unexpected payment, wire, or account-change request through a known, pre-established voice channel rather than email links.