Search Results for "extortion"

University of Nottingham June 9, 2026 • [ cyber attack, extortion, data leak ] In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".

BCD Travel May 29, 2026 • [ extortion, data leak, data theft ] In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.

Charter May 23, 2026 • [ extortion, data leak, ShinyHunters ] In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group later published the data, which exposed 4.9M unique email addresses along with names, phone numbers and physical addresses. A subset of approximately 85k records originating from an internal employee directory also included job titles. Charter confirmed the incident, but stated that no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated.

DentaQuest May 23, 2026 • [ data leak, extortion, healthcare ] In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network", and advised they had contained the attack and mitigated the threat.

Grafana Labs May 11, 2026 • [ source code leak, extortion, compromised credentials ] Grafana Labs confirmed that a cybercrime group used a compromised GitHub token to access its GitHub repositories and download its codebase and internal GitHub repository content. The attackers demanded ransom to prevent disclosure, but Grafana said customer production systems, Grafana Cloud, customer operations, customer data, and personal information from production systems were not compromised.

Powell Electronics May 7, 2026 • [ data breach, Personally Identifiable Information (PII), extortion ] PayoutsKING claimed responsibility for an attack on Powell Electronics and threatened to release sensitive data unless the company negotiated. DataBreach indexed 198,676 rows with names, email addresses, phone numbers, and street addresses. Later breach-notification reporting said Powell began notifying affected individuals that data including Social Security numbers and driver's license information had been accessed. Public reporting did not confirm encryption, data destruction, or attacker-caused operational disruption.

Cushman & Wakefield May 5, 2026 • [ vishing, extortion, data leak ] In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers.

Trellix May 5, 2026 • [ source code leakage, unauthorized access, cyberattack ] Trellix disclosed unauthorized access to a portion of its source code repository in May 2026. RansomHouse later claimed responsibility and published screenshots as proof of access. Trellix said it had found no evidence that its source-code release or distribution process was affected or that its source code had been exploited. Public reporting did not confirm encryption, data destruction, operational disruption, or customer data exposure.

Vimeo April 28, 2026 • [ extortion, data leak, third-party breach ] In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata. The data also included 119k unique email addresses, sometimes accompanied by names. Vimeo attributed the exposure to a breach of Anodot, a third-party analytics vendor, and advised the incident does not include "Vimeo video content, valid user login credentials, or payment card information".

Gelatissimo April 27, 2026 • [ data leak, ransomware, financial data ] DragonForce listed Australian gelato franchiser Gelatissimo on its leak site around April 27, 2026 and claimed to have stolen more than 350 GB of data, with other reporting specifying 352.24 GB. The claimed data included sensitive employee data, financial details, operational information, and executive contact details, and the group threatened publication unless the company responded; reviewed reporting did not confirm encryption or operational disruption.

Udemy, Inc. April 24, 2026 • [ data leak, extortion, ShinyHunters ] ShinyHunters listed Udemy in a pay-or-leak extortion attempt on April 24, 2026 and subsequently leaked data containing 1.4 million unique email addresses belonging to customers and instructors, along with names, physical addresses, phone numbers, employer information, and instructor payout methods. Public reporting did not confirm encryption, deletion, or operational disruption.

Udemy April 24, 2026 • [ data leak, extortion, cybercrime ] In April 2026, online training company Udemy was the victim of a pay or leak extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also included names, physical addresses, phone numbers, employer information and instructor payout methods including PayPal, cheque and bank transfer.

ADT April 20, 2026 • [ data breach, extortion, data leak ] In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also advised that "in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included" and that it had contacted all affected people.

Aman April 20, 2026 • [ extortion, data leak, CRM breach ] In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses. Whilst not present on all records, the data also included genders, physical addresses, phone numbers, nationalities, dates of birth, spouse names and VIP status codes.

Pitney Bowes April 20, 2026 • [ extortion, data leak, hacking collective ] In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data which included 8.2M unique email addresses, along with names, phone numbers and physical addresses. A subset of the data also included Pitney Bowes employee records with job titles.

Canada Life April 20, 2026 • [ extortion, data leak, phishing ] In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets. In their disclosure notice, Canada Life advised that "it is a small proportion of our customers who may have been impacted". In the wake of the incident, Canada Life also published an alert cautioning customers to be wary of phishing attacks, a pattern often seen after the public release of breached data.

Aman Resorts April 18, 2026 • [ extortion, data leak, PII ] ShinyHunters named Aman Resorts in an April 2026 pay-or-leak extortion campaign and claimed compromise of over 500,000 Salesforce CRM records containing PII. DataBreach indexed 294,871 rows, while Have I Been Pwned reported over 200,000 unique email addresses and said the leaked data also included names, phone numbers, physical addresses, dates of birth, nationalities, spouse names, and VIP status codes. Public sources did not confirm encryption, data destruction, or operational disruption.

Seiko USA April 18, 2026 • [ defacement, ransomware, data theft ] The Seiko USA websites Press Lounge section was defaced with a ransom message claiming attackers had accessed the companys Shopify backend and stolen its customer database; the claimed data theft was not confirmed.

Carnival April 18, 2026 • [ phishing, extortion, data leak ] In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity.

Guesty April 15, 2026 • [ ransomware, extortion, data theft ] Vect claimed it stole 700GB of Guesty data and was negotiating with the company after a ransomware-related extortion listing.

Search Results (extortion)