The extortion group ShinyHunters has published data stolen from Moody Bible Institute, a Chicago-based Christian college, after a "pay or leak" campaign. Have I Been Pwned indexed more than 2.3 million unique email addresses along with names, physical addresses, phone numbers, and dates of birth belonging to students, alumni, donors, and supporters. ShinyHunters claimed a much larger haul spanning enrollment, donor, payroll, and communications systems, and some reporting ties the intrusion to the same ShinyHunters campaign that exploited an Oracle PeopleSoft flaw. Most of the leaked email addresses had already appeared in earlier breaches, raising the risk of credential stuffing and targeted phishing.
Medical device maker Medtronic has begun notifying customers that their personal data was exposed in a breach of its corporate IT systems earlier this year, an attack claimed by the extortion group ShinyHunters. Medtronic noticed unusual activity in mid-April and its investigation found that an unauthorized actor had access between April 13 and 19. ShinyHunters claimed to hold roughly nine million records containing personal and internal corporate data, and Medtronic did not pay, with its listing later removed from the group's leak site. The company says its products, patient safety, and the networks running its medical devices were not affected, crediting separation between corporate and clinical systems.
Aflac Life Insurance Japan, a subsidiary of the US insurance giant Aflac, says attackers broke into its policyholder portal and stole personal data belonging to about 4.38 million customers and agents. The intruders accessed systems repeatedly between June 15 and June 25, when the breach was detected through a surge in traffic, and the company suspended affected systems in response. Exposed data includes names, addresses, phone numbers, dates of birth, gender, and insurance account details, plus premium payment account information for roughly 230,000 people; no credit card data was taken. Aflac says the incident is limited to its Japan systems and does not affect its US operations.
Nissan has disclosed that current and former employees' data was stolen after attackers exploited a zero-day flaw in Oracle PeopleSoft, the software it uses to manage payroll, tax, and personnel records. In a filing with California's attorney general, Nissan said Oracle informed it that the personnel records of hundreds of companies may have been taken. The attacks, tied to the extortion group ShinyHunters, exploited PeopleSoft vulnerability CVE-2026-35273 as a zero-day between late May and early June, primarily hitting education organizations, before Oracle issued mitigations. ShinyHunters has begun leaking stolen data, with Nissan joining victims that include the University of Nottingham and a US insurance regulator group.
Japanese telecom giant KDDI has disclosed a breach of an email platform it operates for itself and several internet service providers, potentially exposing the email addresses and passwords of up to 14.22 million mailboxes. KDDI detected the intrusion on June 17, blocked the attacker the same day, and traced the entry to a vulnerability in unnamed third-party software used by the email system. Six ISPs are affected, including JCOM, Nifty, and Biglobe, and the figure covers current, former, and inactive accounts. KDDI says some passwords were hashed or encrypted but has not said how many were stored in plaintext, and is urging all affected users to change their passwords.
Food distribution giant Sysco was hit by the extortion group ShinyHunters in a "pay or leak" attack, and after the company did not pay, the stolen data was published. Have I Been Pwned has indexed 2,691,852 unique email addresses belonging to staff and customers, alongside what is described as largely corporate contact information. The breach fits ShinyHunters' sweeping 2026 campaign against large enterprises, which has typically relied on social engineering and compromised SaaS integrations rather than software exploits. Exposed business contact data is useful for convincing, targeted phishing aimed at Sysco's staff, customers, and partners.
Data from a breach of American Tower, one of the largest wireless communications infrastructure companies, has been indexed by Have I Been Pwned, which added 216,601 affected accounts. The extortion group ShinyHunters is linked to the incident, consistent with its sweeping 2026 campaign that has used social engineering against staff to reach corporate systems and exfiltrate data at major enterprises. American Tower operates critical telecom infrastructure, making any exposure of employee or partner data a concern for follow-on phishing and targeted attacks. Exposed contact details are commonly reused for convincing phishing against affected individuals and the organization.
The extortion group ShinyHunters has published data stolen from Madison Square Garden Sports, owner of the New York Knicks and Rangers, after the company did not pay. Have I Been Pwned indexed 9,796,738 unique email addresses spanning staff and customers, alongside extensive personal, employment, and customer-relationship records including names, addresses, phone numbers, and some dates of birth. Reporting on the leak describes an internal "Talent" file profiling former players, executives' family members, and celebrities, in some cases with so-called threat assessments. The intrusion reportedly began with voice-phishing of staff, the same social-engineering pattern behind ShinyHunters' wider 2026 campaign against large enterprises.
Xsolis, a US healthcare technology company whose AI software is used by more than 600 hospitals and insurers for utilization management and reimbursement decisions, has disclosed a breach affecting 1,396,519 people. Attackers got in through a targeted phishing attack on an employee in January, accessing files containing patient data Xsolis handles for its clients. The exposed information includes names, dates of birth, addresses, Social Security numbers, health insurance details, and medical treatment information. Because Xsolis is a vendor, affected individuals may never have dealt with it directly; downstream health systems including Mayo Clinic are among those whose patients are impacted.
Tata Electronics, the Indian manufacturer that assembles roughly a third of Apple's iPhones in India, has confirmed a cyberattack affecting part of its IT systems after the extortion group World Leaks began leaking stolen data. The group claims to have taken around 200,000 files, including confidential Apple and Tesla manufacturing and component design documents, internal emails, years of event logs, and copies of employee passports, some belonging to foreign nationals. Researchers say the data has been on the dark web since at least June 10, and a ransom was demanded. World Leaks, a rebrand of the Hunters International group, also claimed breaches at Nike and Dell.