Search Results for "extortion"

Zara April 15, 2026 • [ extortion, data leak, third-party risk ] In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a terabyte of data allegedly including 95M support ticket records. The data contained 197k unique email addresses alongside product SKUs, order IDs and the market the support ticket originated in. Zara's parent company Inditex advised that the incident didn't affect passwords or payment information.

Guesty April 15, 2026 • [ ransomware, extortion, data theft ] Vect claimed it stole 700GB of Guesty data and was negotiating with the company after a ransomware-related extortion listing.

Kemper April 15, 2026 • [ ransomware, social engineering, extortion ] In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of gigabytes of data they claimed included internal directory data, Salesforce records and Stripe payment logs. Among the 269k unique email addresses were names, phone numbers, physical addresses and partial payment card data including the last 4 digits, expiry dates and card brands. Kemper confirmed the incident and stated they had engaged third-party cybersecurity experts and notified law enforcement.

McGraw Hill April 14, 2026 • [ misconfiguration, data leak, extortion ] McGraw Hill confirmed that a Salesforce-hosted webpage misconfiguration exposed limited contact data, while ShinyHunters claimed millions of Salesforce records and attempted extortion.

Abrigo April 14, 2026 • [ extortion, data leak, fintech ] In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belonging to both Abrigo staff and external contacts. Whilst separate from Abrigo's Salesforce compromise via the Drift application connector the previous year, the data fields described in that incident are consistent with the ShinyHunters data, namely that it was "business contact information" including "institution name, employee name, email addresses, and phone numbers".

Marcus & Millichap April 12, 2026 • [ hacking, extortion, data leak ] In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group. Data alleged to have been obtained from the company was subsequently released publicly and included 1.8M unique email addresses, along with names, phone numbers and employment-related information including employer, job title and physical company address. In their disclosure notice, Marcus & Millichap advised that data which may have been accessed appeared limited to "company forms, templates, marketing materials, and general contact information".

Mytheresa April 12, 2026 • [ extortion, data leak, ShinyHunters ] In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also included names, phone numbers, physical addresses, purchases and partial credit card data including card type, last 4 digits and expiry date.

McGraw Hill April 10, 2026 • [ data breach, extortion, misconfiguration ] In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.

7-Eleven April 8, 2026 • [ extortion, data leak, ShinyHunters ] In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of records also contained additional exposed data fields. The company later advised the breach was limited to "certain 7-Eleven systems used to store franchisee documents", a statement consistent with the exposed data.

Pitney Bowes April 8, 2026 • [ phishing, extortion, data leak ] Pitney Bowes identified unauthorized access to certain records in its Salesforce customer relationship management environment on April 9, 2026, after a phishing attack compromised an employee email account the previous night. ShinyHunters claimed to have obtained Pitney Bowes data as part of a broader extortion campaign and later released data containing 8.2 million unique email addresses, names, phone numbers, physical addresses, and some employee job-title records. Irish reporting separately confirmed that 137 Revenue Commissioners employees were affected through the Pitney Bowes supplier breach, with professional contact details exposed but no Revenue passwords or taxpayer data stolen.

Parque Eólico Toabré March 31, 2026 • [ cyberattack, data leak, ransomware ] Everest claimed responsibility for a cyberattack against Parque Elico Toabr on March 31, 2026 and threatened to release sensitive data. La Estrella de Panam later listed Parque Elico Toabr among Panamanian technology incidents dated May 9, 2026, and other dark-web monitoring reported an alleged 175GB database leak. Public reporting did not confirm encryption, data destruction, operational disruption, or compromise of wind-farm control systems.

Hallmark March 31, 2026 • [ data leak, extortion, support tickets ] In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service, along with names, phone numbers, physical addresses and support tickets.

ZenBusiness March 27, 2026 • [ data breach, extortion, ransomware ] In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Salesforce, and threatened to publish it if a ransom was not paid. The following month, after claiming payment had not been made, ShinyHunters publicly released the data. The collection amounted to many terabytes across thousands of files that appeared to originate from multiple systems and business functions, including leads, support records and other CRM-related data. The data contained approximately 5M unique email addresses, often accompanied by name and phone number depending on the source file.

Goodwill of Greater Grand Rapids March 27, 2026 • [ ransomware, extortion, data theft ] Goodwill of Greater Grand Rapids said an attack disrupted part of its network environment and affected store operations, forcing locations across its West Michigan service area to operate on a cash-only basis, while outside reporting tied the incident to an Interlock ransomware extortion claim alleging theft of 80 GB of data.

Addi March 25, 2026 • [ fintech, data breach, extortion ] In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from credit scoring requests, credit bureau records, customer identity records and email validation logs. It also contained government issued IDs (Cdula de Ciudadana), estimated income, socioeconomic levels, purchases and other credit-related data points.

Aroostook Mental Health Center March 24, 2026 • [ ransomware, data leak, network disruption ] Aroostook Mental Health Center said a recent network disruption affected some business operations and temporarily interrupted connectivity, while outside reporting linked the incident to the Qilin ransomware group and a related leak-site extortion claim.

IntraCare March 20, 2026 • [ unauthorized access, extortion, data breach investigation ] IntraCare disclosed unauthorized access to its network on March 20, 2026, while outside reporting linked the incident to a The Gentlemen extortion claim; the organization said it was still investigating what information, if any, was impacted.

England Hockey March 12, 2026 • [ ransomware, data leak, extortion ] England Hockey said it is investigating after the AiLock ransomware group listed the organization on its leak site and claimed it stole 129GB of data. England Hockey stated it is working with internal teams and external experts to determine what occurred. Public reporting did not confirm encryption or service disruption; the confirmed effect at reporting time was a data-theft/extortion claim under investigation.

Slavia Insurance March 10, 2026 • [ data breach, medical records, vendor error ] Czech insurer Slavia pojiovna reported that attackers obtained about 150 GB of sensitive data, including insurance documents, medical records, and direct communications with clients. The companys spokesperson attributed the incident to an error by a supplier/vendor and said the issue was detected by Slavias security systems and remediation steps were underway to prevent recurrence. Public reporting did not identify the attacker or provide counts of affected clients, but indicated the stolen data types are sensitive and could enable fraud or targeted extortion/phishing.

Community College of Beaver County March 9, 2026 • [ ransomware, cryptolocker, extortion ] Community College of Beaver County said it was under an encryption-based cryptolocker attack that forced a lockdown of college IT resources, and later outside reporting tied the incident to an Interlock extortion claim alleging theft of 780 GB of data.

Search Results (extortion)