The extortion group ShinyHunters has published data stolen from Moody Bible Institute, a Chicago-based Christian college, after a "pay or leak" campaign. Have I Been Pwned indexed more than 2.3 million unique email addresses along with names, physical addresses, phone numbers, and dates of birth belonging to students, alumni, donors, and supporters. ShinyHunters claimed a much larger haul spanning enrollment, donor, payroll, and communications systems, and some reporting ties the intrusion to the same ShinyHunters campaign that exploited an Oracle PeopleSoft flaw. Most of the leaked email addresses had already appeared in earlier breaches, raising the risk of credential stuffing and targeted phishing.
Medical device maker Medtronic has begun notifying customers that their personal data was exposed in a breach of its corporate IT systems earlier this year, an attack claimed by the extortion group ShinyHunters. Medtronic noticed unusual activity in mid-April, and its investigation found that an unauthorized actor had access between April 13 and 19. ShinyHunters claimed to hold roughly nine million records containing personal and internal corporate data. Medtronic did not pay, and its listing was later removed from the group's leak site. The company says its products, patient safety, and the networks running its medical devices were not affected, crediting separation between corporate and clinical systems.
Nissan has disclosed that current and former employees' data was stolen after attackers exploited a zero-day flaw in Oracle PeopleSoft, the software it uses to manage payroll, tax, and personnel records. In a filing with California's attorney general, Nissan said Oracle informed it that the personnel records of hundreds of companies may have been taken. The attacks, tied to the extortion group ShinyHunters, exploited PeopleSoft vulnerability CVE-2026-35273 as a zero-day between late May and early June, primarily hitting education organizations, before Oracle issued mitigations. ShinyHunters has begun leaking stolen data, with Nissan joining victims that include the University of Nottingham and a US insurance regulator group.
Food distribution giant Sysco was hit by the extortion group ShinyHunters in a "pay or leak" attack, and after the company did not pay, the stolen data was published. Have I Been Pwned has indexed 2,691,852 unique email addresses belonging to staff and customers, alongside what is described as largely corporate contact information. The breach fits ShinyHunters' sweeping 2026 campaign against large enterprises, which has typically relied on social engineering and compromised SaaS integrations rather than software exploits. Exposed business contact data is useful for convincing, targeted phishing aimed at Sysco's staff, customers, and partners.
Data from a breach of American Tower, one of the largest wireless communications infrastructure companies, has been indexed by Have I Been Pwned, which added 216,601 affected accounts. The extortion group ShinyHunters is linked to the incident, consistent with its sweeping 2026 campaign that has used social engineering against staff to reach corporate systems and exfiltrate data at major enterprises. American Tower operates critical telecom infrastructure, making any exposure of employee or partner data a concern for follow-on phishing and targeted attacks. Exposed contact details are commonly reused for convincing phishing against affected individuals and the organization.
The extortion group ShinyHunters has published data stolen from Madison Square Garden Sports, owner of the New York Knicks and Rangers, after the company did not pay. Have I Been Pwned indexed 9,796,738 unique email addresses spanning staff and customers, alongside extensive personal, employment, and customer-relationship records including names, addresses, phone numbers, and some dates of birth. Reporting on the leak describes an internal "Talent" file profiling former players, executives' family members, and celebrities, in some cases with so-called threat assessments. The intrusion reportedly began with voice-phishing of staff, the same social-engineering pattern behind ShinyHunters' wider 2026 campaign against large enterprises.
Have I Been Pwned has added 139,903 accounts from a breach of fashion brand Ralph Lauren, which the extortion group ShinyHunters claimed as part of its sweeping 2026 campaign against retail and luxury names. ShinyHunters says it took around 220 GB of data, including customer personal information, purchase histories, and financial transaction details, along with unreleased product and strategy plans. The group typically breaks in not through a brand's core systems but via connected platforms like Salesforce or customer-service tools. Exposed purchase and contact data is prime material for convincing phishing and fraud aimed at the retailer's customers.
Have I Been Pwned has added 368,418 accounts from a breach of JCPenney, after the extortion group ShinyHunters claimed in mid-June that it had stolen data from the retailer and several sister brands under Catalyst Brands and Authentic Brands Group. ShinyHunters says the haul includes highly sensitive employee and customer data: Social Security numbers, dates of birth, W-2 tax forms, payroll records, and scans of government-issued IDs. Unlike passwords, these identifiers cannot simply be reset, raising long-term identity-theft and tax-fraud risk. JCPenney has not confirmed the full scope, and the group has not published samples, but the data types make this a serious exposure.
Eastman Kodak has confirmed that an unauthorized third party gained temporary access to a limited amount of company data, after the extortion group ShinyHunters listed the firm on its dark-web leak site. ShinyHunters claims it stole more than 2.2 million records containing customer personal information and internal corporate data, and set a leak deadline of June 18, though it has released no proof and Kodak has not verified the figure. Kodak, now mainly a B2B manufacturing and technology company, says it engaged outside experts and law enforcement and sees no threat to operations. The breach fits ShinyHunters' prolific 2026 data-theft campaign.
Have I Been Pwned has added 248,235 accounts from the March breach of CFGI, a US accounting and financial-advisory firm that works closely with corporate finance teams at mid-market and Fortune 500 companies. The extortion group ShinyHunters claimed the intrusion, posting hundreds of thousands of records including names, emails, phone numbers, and home addresses, along with internal corporate documents and identity-system metadata. Because CFGI sits inside its clients' finance functions, the stolen contact and relationship data is unusually useful for convincing business email compromise and client-impersonation scams aimed at authorizing fraudulent payments.