Ransomware Group intelligence
Shinyhunters
ActiveTrack Shinyhunters with 143 published victims and 4 known leak locations in a single intelligence view.
Overview
Shinyhunters is tracked by Breach House as a ransomware group with 143 published victims.
United States is currently the most targeted country in this dataset.
4 known leak locations are currently associated with this group.
Top Countries
Interactive distribution based on the currently visible victims list.
Known Leak Locations (4)
| Label | Type | Availability | Links |
|---|---|---|---|
| Leak location 1 | Onion service | Unknown | shinypogk4jjniry5qi7247tznop6mxdrdte2k6pdu5cyo43vdzmrwid.onion |
| Leak location 2 | Web location | Unknown | breachforums.hn |
| Leak location 3 | Onion service | Unknown | toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion |
| Leak location 4 | Onion service | Unknown | shnyhntww34phqoa6dcgnvps2yu7dlwzmy5lkvejwjdo6z7bmgshzayd.onion |
Top Activity Sectors
No sector intelligence available.
Ransom Notes (0)
▼No ransom notes available for this group.
Tools Used
▼No tools used available.
YARA Rules (0)
▼No YARA rules available.
Indicators of Compromise (0)
▼No IoCs available for this group.
Negotiation Chats (0)
▼No negotiation chats available.
Research Sources
No external research sources linked yet.
Victims (143)
Search, filter and paginate the victim timeline for Shinyhunters. Showing 1–100 of 143.
| Type | Target | Discovered | Country | Business Category | Intel Link |
|---|---|---|---|---|---|
| Ransomware | Abbott owned Exact Sciences Corporation id30568 View details | United States | Healthcare / Pharma | — | |
|
Exact Sciences Corporation is a US-based company operating in the healthcare and pharmaceutical sector, offering various medical solutions. As a leading provider of cancer screening and diagnostic tests, the company plays a significant role in the healthcare industry. Abbott owned Exact Sciences Corporation was listed as a ransomware victim associated with shinyhunters |
|||||
| Ransomware | Abbott owned Exact Sciences Corporation id30568 View details | United States | Healthcare / Pharma | — | |
|
You wouldn't want us to describe what was exfiltrated from you publicly. This is a final warning to reach out by 18 July 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 15 July 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Fluke Corporation id30139 View details | United States | Manufacturing / Engineering | — | |
|
Fluke Corporation is a leading American company specializing in the manufacture, distribution, and service of electronic test tools and software. Based in the United States, the company operates within the manufacturing and engineering sector, providing a wide range of products and solutions. Fluke Corporation is known for its high-quality offerings, catering to various industries. It was listed as a ransomware victim associated with shinyhunters |
|||||
| Ransomware | Fluke Corporation id30139 View details | United States | Manufacturing / Engineering | — | |
|
Over 21 million Salesforce records containing some PII were compromised. The Company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care. | Size: 100GB+ | Updated: 02 July 2026 | SHA256: 6ee9bd06756efceb56e5c56fd4e8ab3a8006b9cb80e7c0b4405ed15b996c05fe |
|||||
| Ransomware | Ingram Content Group, Inc. id30140 View details | United States | Retail / E-commerce | — | |
|
Ingram Content Group, Inc. is a leading US-based company operating in the retail and e-commerce sector, providing a wide range of services and offerings. The company is involved in book distribution, print-on-demand, and other related services. Ingram Content Group, Inc. was listed as a ransomware victim associated with shinyhunters |
|||||
| Ransomware | Ingram Content Group, Inc. id30140 View details | United States | Retail / E-commerce | — | |
|
The Company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care. | Updated: 02 July 2026 | SHA256: f3c961b709bcff8f70dbb8361116831d2c86361754a09658115b9efed39308e5 |
|||||
| Ransomware | Adapt****** id30014 View details | United Kingdom | IT | — | |
|
Adapt****** is an IT company based in the United Kingdom, providing various IT services. The company operates in the IT sector, offering its services to clients in GB. Adapt****** was listed as a ransomware victim associated with shinyhunters |
|||||
| Ransomware | Adapt****** id30014 View details | United Kingdom | IT | — | |
|
Data being leaked by today 12:00 AM New York time. | Updated: 25 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | icsecurity.com id29976 View details | United States | IT | — | |
|
Over 2.7 million records and other internal corporate data was compromised. This is a final warning to reach out by 22 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 19 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Amazon owned OneMedical.com id29971 View details | United States | Healthcare / Medicine | — | |
|
Over 8.8TB of data was compromised. This is a final warning to reach out by 22 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 18 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | NAIC.org id29972 View details | United States | Finance / Legal / Insurance | — | |
|
Over 3.1 terabytes of National Association of Insurance Commissioners data (105,000+ files) was compromised across the INSData statistical platform, Vision credit rating feeds, SERFF, OPTINS, UCAA, EDP, RDC, and state insurance department reporting systems (NAIC, all fifty state insurance departments, and thousands of licensed insurers), including 2.1 million insurer regulatory filing PDFs, 40,000 quarterly statistical CSVs with federal EINs and company data, 45,000+ licensed rating agency files from Moody's, Fitch, S&P, Kroll, DBRS, and AM Best with CUSIP and ISIN identifiers, statutory annual and quarterly financial statements, premium and loss statistics, and HR Ratings master data. This is a final warning to reach out by 22 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 18 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Service Notice: Scheduled Maintenance and Infrastructure Upgrades id29951 View details | — | — | ||
|
* The primary server hosting all leaked data is currently undergoing scheduled maintenance and will be unavailable for approximately 24 hours. * To improve your downloading experience, we are currently deploying multiple data mirrors to ensure faster, more reliable download speeds. Additionally, we will soon offer torrent links for all hosted files to provide a more robust distribution network. * No data has been lost as we keep several backups of everything that has been leaked on here since Day 1. These files will remain publicly accessible with ease till the end of time. We appreciate your patience as we upgrade our infrastructure. | Updated: 17 June 2026 |
|||||
| Ransomware | Ralph Lauren id29940 View details | United States | Retail / E-commerce | — | |
|
Over 220GB of data containing customer PII, purchase/trasnaction info, future unreleased releases from 2027 and onward, and more was compromised. The Company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care. | Size: 163GB+ (compressed) | Updated: 16 June 2026 | SHA256: 17a7af9c00ea38ce822e2f022c0ceb5149535610a15f009b866d616e70cbf7e2 |
|||||
| Ransomware | icc.edu id29896 View details | United States | Education | — | |
|
Over 28 gigabytes of Illinois Central College data (122,000+ files) was compromised across PeopleSoft Campus Solutions and Human Resources (ICC, SURS pension reporting, Workday costing, and ICCB curriculum systems), including 9,200+ employee payslip PDFs, 500+ SURS payroll files with Social Security numbers, direct deposit records with bank account and routing numbers, student financial aid and grade roster exports, enrollment CSVs with @icc.edu accounts, and Workday salary allocation data spanning 2021 through June 2026. This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 16 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | moody.edu id29897 View details | United States | Education | — | |
|
Over 23 gigabytes of Moody Bible Institute data (1,300+ files, tens of millions of records) was compromised across enrollment, donor relations, payroll, and communications systems (MBI, EDC/Salesforce leads, PeopleSoft PS_COMMUNICATION, Horizon SIS, WHPD donor database, and Cadence admissions), including 46 million communication records, 2.2 million enrollment lead records, 108,000 biodemographic master files with addresses and birthdates, 3.3 gigabytes of donor gift data, employee payroll XML with home addresses and earnings, 1,100+ admissions outreach files, and student housing assignment records. This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 16 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | glendale.edu id29898 View details | United States | Education | — | |
|
Over 62 gigabytes of Glendale Community College data (304,000+ files) was compromised across PeopleSoft Campus Solutions (GCC, integrations, financial aid, and admission processing), including 150,000+ student records with names, dates of birth, and @student.glendale.edu emails, login and enrollment mapping files, new student enrollment CSVs, immunization compliance logs, admission checklist reports, financial aid batch exports, and transcript PDFs spanning September 2020 through June 2026. This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 16 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | hccs.edu id29866 View details | United States | Education | — | |
|
Hundreds of thousands of student records containing full name, home address, phone, email, date of birth, gender, ethnicity, enrollment status, GPA, major, and student ID across all campuses. Daily and full student roster exports library credentials, PINs, and @student[.hccs[.edu accounts. Over 12,000 financial aid and bursar reports including FAFSA/ISIR suspense data with names, birthdates, emails, phones, and home addresses. Class rosters with birthdates, grades, academic programs, and contact information for tens of thousands of enrolled students per term. Over 344,000 international student documents including SEVIS I-20 forms, visa applications, passports, bank statements, tax returns, immigration affidavits, and acceptance letters. Over 14,000 student immunization and vaccination records including meningitis compliance documentation. Over 15,000 additional health and immunization documents across report archives and A LOT more was compromised. This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 16 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | kodak.com id29867 View details | United States | Manufacturing / Engineering | — | |
|
Over 2.2 million records containing customer PII and other internal corporate data was compromised. This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 16 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Deep Well Services id29868 View details | Energy | — | ||
|
Over 7k records containing customer PII and other internal corporate data was compromised. This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 16 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Sysco Corporation id29869 View details | United States | Agriculture / Food | — | |
|
Over 61 million Salesforce records across several tables, some containing customer data/PII, employee data, and other internal corporate data was compromised. This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 16 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | coe.int id29855 View details | France | NGOs / Associations | — | |
|
Over 297 GB of Council of Europe HR and payroll data (429,000+ files) was compromised across the Secretariat, Directorate of Human Resources, Parliamentary Assembly, EDQM, permanent and temporary staff, interpreters, conference services, language booth units, and payroll administration, including 409,000+ payslips for 10,000+ staff from 2011 to 2026, 14,000+ CVs and 3,700+ in-house personnel files, 10,700+ per-employee document stores, contract and purchase order records, mission travel overpayments, interpreter scheduling and 2026 salary scales, Blue List rosters, absence and illness reports, bank account and URSSAF payroll data, performance evaluations, and payroll exports, covering full names, employee IDs, home addresses, phone numbers, dates of birth, salaries, bank details, tax and social security information, medical and absence records, mission references, and other internal institutional data. This is a final warning to reach out by 16 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 14 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Madison Square Garden Sports Corp. id29816 View details | United States | Hospitality / Food & Beverage / Tourism | — | |
|
Over 26 million records containing customer PII and other internal corporate data was compromised. This is a final warning to reach out by 15 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 12 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | JCPenney & several other subsdiaries under Catalyst Brands & Authentic Brands Group id29817 View details | United States | Retail / E-commerce | — | |
|
Hundreds of thousands of records containing PII (SSN, DOB, etc.), W-2 tax records, pay data, physical scans of government identity documents, drive licenses, and a lot more was compromised. This is a final warning to reach out by 15 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 12 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | American Tower Corporation id29818 View details | United States | Telecommunications | — | |
|
Over 5.2 million records consiting of a significant amount of customer and landowner PII, other records tied to other companies such as T-Mobile, Verizon, and the US DHS, several tower asset records containing GPS data and plaintext physical access/gate codes for cell tower compunds across the United States, thousands of internal corporate data, and a lot more were compromised. We urge you to reach out. This is a final warning to reach out by 15 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 12 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Zayo.com & Allstream.com id29819 View details | United States | Telecommunications | — | |
|
You wouldn't want us to describe what data was taken from you publicly here. A fair assessment of this breach in terms of criticality is a 9/10. We urge you to reach out. Read our emails. Failure to do so will result in the full publication and we very much intend to carry that out if you do not engage with us. This is a final warning to reach out by 16 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 12 June 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Nexstar.tv id29782 View details | United States | Telecommunications | — | |
|
Over 1 million Salesforce records and other internal corporate data containing PII was compromised. This is a final warning to reach out by 14 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 11 June 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Ralph Lauren Corporation id29783 View details | United States | Retail / E-commerce | — | |
|
Over 220GB of data containing customer PII, purchase/trasnaction info, future unreleased releases from 2027 and onward, and more was compromised. This is a final warning to reach out by 14 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 11 June 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Notice id29753 View details | Other | — | ||
|
Notice is a French company operating in the **Other** sector; public search results do not provide enough reliable detail to confirm its exact offerings or location beyond that classification. In threat-intelligence listings, it appears as an entity identified by name rather than through a detailed corporate profile. The available record indicates it was listed as a ransomware victim associated with **ShinyHunters**. |
|||||
| Ransomware | nottingham.ac.uk id29708 View details | United Kingdom | Education | — | |
|
Over 40 GB of billing and payment records, credit card and payment details, student finance data, and campus portal exports from the University of Nottingham and its Malaysia and China campuses was compromised, including payer contact information, transaction amounts, IP addresses, full names, home addresses, postcodes, email addresses, phone numbers, dates of birth, and other internal campus data. | Size: 19GB+ (compressed) | Updated: 10 June 2026 | SHA256: d3aaaf06dd857deec3866072cc2876780623d880992e8d735094db4779535873 |
|||||
| Ransomware | DentaQuest, LLC. id29386 View details | United States | Other | — | |
|
The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care. | Size: 234GB+ (compressed) | Updated: 30 May 2026 | SHA256: db3088225c36be26ce2b458fa7a190176d071441e2e0830c0d82143e6323a3e1 |
|||||
| Ransomware | BCD Travel id29401 View details | Netherlands | Other | — | |
|
Over 700k Salesforce records and various Sharepoint sites corporate data has been compromised. This is a final warning to reach out by 1 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. Pay or Leak. | Updated: 29 May 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | DentaQuest, LLC id29452 View details | United States | Other | — | |
|
You wouldn't want us to describe what data and how much data was compromised. It is in your best interests to reply to us or we are leaking it all by the deadline. This is a final warning to reach out by 29 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. Pay or Leak. | Updated: 28 May 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Baker Distributing Company id29324 View details | United States | Other | — | |
|
Over 260k Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 27 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. Pay or Leak. | Updated: 23 May 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Charter Communications, Inc. id29325 View details | United States | Other | — | |
|
Over 42M records containing PII have been compromised. This is a final warning to reach out by 27 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. Pay or Leak. | Updated: 23 May 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | DentaQuest.com id29326 View details | United States | Other | — | |
|
You wouldn't want us to describe what data and how much data was compromised publicly. It is in your best interests to reply to us or we are leaking it all by the deadline. This is a final warning to reach out by 27 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. Pay or Leak. | Updated: 23 May 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Notification. id29085 View details | Other | — | ||
|
Notification is listed in the threat-intelligence index as an entity in the Other sector, with country information not clearly established in the available sources. The name alone does not identify a specific industry offering, so the safest description is a neutral one that avoids adding unverified business details. Public reporting on ShinyHunters describes the group as a financially motivated data-theft and extortion actor that targets organizations through social engineering and cloud-platform access. In this catalog, Notification was listed as a ransomware victim associated with shinyhunters. |
|||||
| Ransomware | PRESS STATEMENT 13/05/2026 id29088 View details | Other | — | ||
|
PRESS STATEMENT 13/05/2026 is a threat-intelligence catalog entry for an organization in the Other sector. Publicly available indexing does not identify its country, specific products, or services, so the listing should be treated as an unattributed victim record rather than a fully profiled company. The name appears to reflect a labeled incident entry rather than a descriptive business name, and no independent corporate background is available from the supplied sources. It was listed as a ransomware victim associated with shinyhunters. |
|||||
| Ransomware | Notification id29041 View details | Other | — | ||
|
Notification is a United States-based entity categorized in the Other sector, with no reliable public profile in the available record to confirm its exact business line or offerings. In threat-intelligence listings, the name is treated as a victim entry rather than a detailed corporate profile, so the safest description is that it appears as an affected organization in an external incident index. The available source material ties the listing to ShinyHunters, a financially motivated data-extortion group active against enterprise targets. It was listed as a ransomware victim associated with shinyhunters. |
|||||
| Ransomware | Houghton Mifflin Harcourt Company id28995 View details | United States | Education | — | |
|
Your data was compromised in several of our campaigns throughout the past few months. We urge you to engage with us, it is in your best interests. This is a final warning to reach out by 12 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 9 May 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Adelante Soluciones Financieras (Addi.com) id28859 View details | Colombia | Finance / Legal / Insurance | — | |
|
Over 16M unique persons records containing significant PII, financial/transactions (credit cards), KYC and data from TransUnion and Experian (background checks) . The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care. | Size: 518GB+ (compressed) | Updated: 5 May 2026 | SHA256: 520d50dc384fc474e419fdd19cb3517ed6ce778a187ae7d6f44b93ccef5687db |
|||||
| Ransomware | Entire list of affected schools by Instructure breach id28861 View details | IT | — | ||
|
Entire list of affected schools by Instructure breach refers to the school list associated with Instructure, the U.S.-based educational technology company behind the Canvas learning management system used by schools and universities. Instructure provides cloud-based software that supports online coursework, class communication, and digital learning administration for education institutions. Reporting on the incident describes ShinyHunters as the extortion group behind the campaign and says the affected institutions span thousands of schools and districts. The listing is categorized as a ransomware victim and is associated with ShinyHunters. |
|||||
| Ransomware | Instructure Holdings, Inc. (Canva LMS, instructure.com) id28796 View details | United States | Education | — | |
|
Nearly 9,000 schools worldwide affected. 275 million individuals data ranging from students, teachers, and other staff containing PII. Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached and a lot more other data is involved. Pay or Leak. This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Size: 3.65TB+ (uncompressed) | Updated: 3 May 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Cushman & Wakefield Inc. id28791 View details | United States | Construction / Real Estate | — | |
|
Over 500k Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 3 May 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | TOWERPOINT WEALTH, LLC id28402 View details | United States | Finance / Legal / Insurance | — | |
|
Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 4 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 1 May 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Follett Software LLC id28403 View details | United States | Education | — | |
|
Over 4M Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 4 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 1 May 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Vimeo, Inc. id28511 View details | United States | IT | — | |
|
Your Snowflake and Bigquery instances data was compromised thanks to Anodot.com. Pay or Leak. This is a final warning to reach out by 30 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 28 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Udemy, Inc. (udemy.com) id28654 View details | United States | Education | — | |
|
Over 1.4M records containing PII and other internal corporate data have been compromised. Pay or Leak. This is a final warning to reach out by 27 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 24 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | ADT, Inc. (adt.com) id28655 View details | United States | Services | — | |
|
Over 10M records containing PII and other internal corporate data have been compromised. Pay or Leak. This is a final warning to reach out by 27 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 24 Apri 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Aman Resorts (aman.com) id28749 View details | Singapore | Hospitality / Food & Beverage / Tourism | — | |
|
Over 500k Salesforce records containing PII have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 18 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | The Canada Life Assurance Company (canadalife.com) id28750 View details | Canada | Finance / Legal / Insurance | — | |
|
Over 5.6M Salesforce records containing PII have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 18 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Pitney Bowes Inc. (pb.com) id28751 View details | United States | Transportation / Travel / Logistics | — | |
|
Over 25M Salesforce records containing PII have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 18 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | 7-Eleven, Inc. (7-eleven.com) id28752 View details | United States | Retail / E-commerce | — | |
|
Over 600k Salesforce records containing PII and other internal corporate data have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 18 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Carnival Corporation & plc (carnivalcorp.com) id28753 View details | United States | Hospitality / Food & Beverage / Tourism | — | |
|
Over 8.7M records containing PII and other terabytes of internal corporate data have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 18 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Zara (zara.com) id28754 View details | Spain | Retail / E-commerce | — | |
|
Your Bigquery instances data was compromised thanks to Anodot.com. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 18 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Alert 360 Opco Inc. (alert360.com) id28755 View details | United States | Services | — | |
|
Over 2.5M records containing PII and other internal corporate data have been compromised. Please read the chatlog of the negociation by cliking the Download button below to see why this data was leaked. | Size: 10GB+ (compressed) | Updated: 18 Apr 2026 | SHA256: 9c5c8225f27a23f1a03526bfd15dad02b5976797664a92bdd53b23f5f9ef3fe3 |
|||||
| Ransomware | Rockstar Games id28086 View details | United States | IT | — | |
|
Your Snowflake instances metrics data was compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 11 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Abrigo, Inc. id28085 View details | United States | Finance / Legal / Insurance | — | |
|
Over 1.7M Salesforce records containing PII and other internal corporate data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 11 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Marcus & Millichap, Inc. id28084 View details | United States | Construction / Real Estate | — | |
|
Over 30M Salesforce records containing PII and other internal corporate data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 11 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Kemper Corporation id28083 View details | United States | Finance / Legal / Insurance | — | |
|
Over 13M Salesforce records containing PII and other internal corporate data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 11 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Ryan, LLC. id28082 View details | Finance / Legal / Insurance | — | ||
|
Over 4.8M Salesforce records containing PII and other internal corporate data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 11 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | McGraw Hill, Inc. (mheducation.com) id28081 View details | United States | Education | — | |
|
Over 45M Salesforce records containing PII data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 11 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | National Railroad Passenger Corporation (amtrak.com) id28080 View details | United States | Transportation / Travel / Logistics | — | |
|
Over 9.4M Salesforce records containing PII and other internal corporate data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 11 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Mytheresa id28079 View details | Germany | Retail / E-commerce | — | |
|
Sensitive customer PII data and transactional history data was compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 11 Apr 2026 | Warning: FINAL WARNING PAY OR LEAK |
|||||
| Ransomware | Cisco Systems, Inc. (cisco.com) id27796 View details | United States | IT | — | |
|
3 breaches ( UNC6040 , Salesforce Aura, and AWS accounts). Total over 3M Salesforce records containing PII, Github repositories, AWS buckets and other internal corporate data have been compromised. This is a final warning to reach out by 3 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 31 Mar 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Hallmark Cards, Inc. & Hallmark Plus id27761 View details | United States | Retail / E-commerce | — | |
|
Over 7.9M Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 2 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 31 Mar 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | European Commission (*.europa.eu) id27648 View details | Public Sector | — | ||
|
Over 350 GB+ of data was compromised, including data dumps of mail servers, databases, confidential documents, contracts, and much more sensitive material. | Size: 350GB+ (uncompressed) | Updated: 28 Mar 2026 | SHA256: 697c5cfbc64fa5cfbe3dd59a5cb4a2ee10ade8c53ef4c36f3ab3c7e1e35ff66e |
|||||
| Ransomware | BreachForums version 5 id27608 View details | IT | — | ||
|
BreachForums has been run by many fakes, but by us, following the FBI seizure on 10 Oct 2025. Maintaining such an ecosystem is a waste of our time. There was an unauthorised leak on 9 Jan 2026. Ever since then, false personas going by “N/A“ and “Indra“ were successfully able to restore a similar-looking “legitimate“ forum. All the current forums are fake [ .sb, .ac, .fi, .bf, .us, ect.]. If they continue to exist, we'll leak all the BF backups, including every private message, emails, IP addresses, posts, ect. We have exploits for all 1.8 versions of MyBB. |
|||||
| Ransomware | ZenBusiness, Inc. id27578 View details | United States | Finance / Legal / Insurance | — | |
|
Several terabytes from Snowflake, Mixpanel, Salesforce, and ect. have been compromised. This is a final warning to reach out by 30 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 26 Mar 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Berkadia Commercial Mortgage, LLC. (berkadia.com) id27558 View details | United States | Construction / Real Estate | — | |
|
Salesforce records containing PII and other internal corporate data have been compromised. The company failed to reach an agreement with us despite all the chances and offers we made. They don't care. | Size: 27GB (compressed) | Updated: 25 Mar 2026 | SHA256: 2ae1c2804c01f5894143620518ec41fceb98e330f408c7f38e3d6ef93ebe8f21 |
|||||
| Ransomware | Ameriprise Financial, Inc. id27518 View details | United States | Finance / Legal / Insurance | — | |
|
Salesforce records containing PII and over 200GB compressed Sharepoint internal corporate data have been compromised. This is a final warning to reach out by 25 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 23 Mar 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Infinite Campus, Inc. id27517 View details | United States | Education | — | |
|
Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 25 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 23 Mar 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Berkadia Commercial Mortgage LLC id27457 View details | United States | Finance / Legal / Insurance | — | |
|
Over 5M Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 22 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 19 Mar 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Aura Group, Inc. (aura.com) id27345 View details | United States | Other | — | |
|
Over 2M records containing PII and other internal corporate data have been compromised. The company failed to reach an agreement with us despite all the chances and offers we made. They don't care. | Size: 12GB (compressed) | Updated: 15 Mar 2026 | SHA256: 0d5bf85c7865b023266adc95a7449dd1bff6b208b4634976441ce5ee650894d0 |
|||||
| Ransomware | Aura Group, Inc id27279 View details | United States | Communication / Marketing | — | |
|
Over 2M records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 14 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 12 Mar 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | CFGI Management (cfgi.com) id27217 View details | United States | Services | — | |
|
Over 800k records containing PII and other internal corporate data have been compromised. The company failed to reach an agreement with us despite all the chances and offers we made. They don't care about their clients nor investors. | Updated: 10 Mar 2026 | SHA256: 1dbf6b9a06960cc8c4043de9f94a2494845b96d07a8a14aab89099ced8baef0c |
|||||
| Ransomware | Vertex Inc. id27216 View details | United States | Communication / Marketing | — | |
|
Over 2M records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 12 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 10 Mar 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Salesforce Aura Campaign id27215 View details | Retail / E-commerce | — | ||
|
Several hundreds of companies set to release with FINAL WARNINGs upon failure to comply. To all affected companies who will be or are being contacted by us ("ShinyHunters"), please consider this a preliminary warning before we release your name with FINAL WARNING or a complete data leak. Reply, engage, pay a small price, and prevent a publication. Make the right decision, don't be the next headline. | Updated: 10 Mar 2026 | Warning: NOTICE OF WARNING |
|||||
| Ransomware | CFGI Management, LLC. id27114 View details | United States | Services | — | |
|
Over 800k records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 09 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 06 Mar 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Pathstone.com id27113 View details | United States | Communication / Marketing | — | |
|
Salesforce records were compromised and other internal corporate data have been compromised. The company failed to reach an agreement with us despite all the chances and offers we made. They don't care about their clients nor investors. | Size: 15GB (compressed) | Updated: 06 Mar 2026 | SHA256: 6377f58fe8229bc376bbcf6acc32d00cdfb0ac415b8660106f29ca14fa6d0561 |
|||||
| Ransomware | Woflow, Inc. id26996 View details | United States | Communication / Marketing | — | |
|
Several hundreds of millions of records containing PII, transaction/order data, other internal corporate data, and a lot more (you don't want us to say publicly) have been compromised. This is a final warning to reach out by 05 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 03 Mar 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | Pathstone Family Office, LLC id26886 View details | United States | Communication / Marketing | — | |
|
Over 641k records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 2 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 27 Feb 2026 | Warning: FINAL WARNING |
|||||
| Ransomware | University of Pennsylvania id26787 View details | United States | Education | — | |
|
Records: 1.2M Records | Updated: 04 Feb 2026 | Note: Make the right decision, don't be the next headline. | This is the direct result of advisors advising you against paying a ransom. It has the opposite effect. Do NOT provoke us again and pay the ransom when we contact you. |
|||||
| Ransomware | Harvard University id26786 View details | United States | Education | — | |
|
Size: 1.1GB (compressed) | Updated: 04 Feb 2026 | Note: Make the right decision, don't be the next headline. | This is the direct result of advisors advising you against paying a ransom. It has the opposite effect. Do NOT provoke us again and pay the ransom when we contact you. |
|||||
| Ransomware | Figure Technology Solutions, Inc. id26785 View details | United States | IT | — | |
|
Size: 2.5GB (compressed) | Updated: 13 Feb 2026 | Note: Pay or be humiliated. | They were given multiple chances to pay the ransom, but they decided to waste time and hide instead. |
|||||
| Ransomware | Canada Goose id26784 View details | Canada | Other | — | |
|
Updated: 15 Feb 2026 |
|||||
| Ransomware | CarGurus, Inc. id26783 View details | United States | Communication / Marketing | — | |
|
Size: 6.1GB (compressed) | Updated: 21 Feb 2026 |
|||||
| Ransomware | Mercer Advisors id26782 View details | United States | Other | — | |
|
Updated: 21 Feb 2026 |
|||||
| Ransomware | Beacon Pointe Advisors id26781 View details | United States | Communication / Marketing | — | |
|
Size: 60GB (compressed) | Updated: 22 Feb 2026 |
|||||
| Ransomware | Odido NL & Ben.nl id26780 View details | Netherlands | Other | — | |
|
Records: ~21M Records | Updated: 24 Feb 2026 |
|||||
| Ransomware | Bumble Inc. id25896 View details | United States | Services | — | |
|
Updated: 29 Jan 2026 |
|||||
| Ransomware | Match Group id25858 View details | United States | Services | — | |
|
Records: 10M Records | Updated: 28 Jan 2026 | Note: Your greed is killing you. | Don't be an idiot like this company. Make the right decision; don't be the next headline. Get off your moral high horse and make the right decision for your stakeholders. PAY OR LEAK otherwise you'll be made an example of. |
|||||
| Ransomware | Panera Bread id25836 View details | United States | Other | — | |
|
Records: 14M Records | Updated: 27 Jan 2026 | Note: Don't be the next headline. | Don't be an idiot like this company. Make the right decision, don't be the next headline. |
|||||
| Ransomware | Edmunds.com, Inc. id25736 View details | United States | Communication / Marketing | — | |
|
Size: 12 GB (compressed) | Updated: 24 Jan 2026 |
|||||
| Ransomware | CarMax, Inc. id25732 View details | United States | Communication / Marketing | — | |
|
Size: 1.7 GB (compressed) | Records: 500k Records | Updated: 24 Jan 2026 |
|||||
| Ransomware | SoundCloud id25719 View details | Germany | IT | — | |
|
Size: 2.8 GB (compressed) | Records: 30M Records | Updated: 23 Jan 2026 |
|||||
| Ransomware | Crunchbase, Inc. id25718 View details | United States | Communication / Marketing | — | |
|
Size: 1.3 GB (compressed) | Records: 2M Records | Updated: 23 Jan 2026 |
|||||
| Ransomware | Betterment, LLC. id25717 View details | United States | Communication / Marketing | — | |
|
Size: 1.6 GB (compressed) | Records: 20M Records | Updated: 23 Jan 2026 | Note: Betterment better(get some)help | Betterment refused our generous offers as low as $0.95 per active customer record stolen. If you are a Betterment customer, remember that they value your privacy and peace of mind lower than the price of a roll of toilet paper. |
|||||
| Ransomware | Engie Resources id22969 View details | United States | Energy | ||
|
[AI generated] Engie Resources is a subsidiary of Engie, a global energy player. The company provides commercial and industrial customers with comprehensive energy solutions, including electricity supply, natural gas, renewable energy, and demand response capabilities. They are committed to responsible energy management and deliver custom strategies to help their clients control energy costs, manage risk, and influence energy infrastructure development. |
|||||
| Ransomware | Albertsons Companies, Inc. id22968 View details | United States | Retail / E-commerce | ||
|
[AI generated] Albertsons Companies, Inc. is one of the largest food and drug retailers in the United States, serving millions of customers each week. The company operates stores across 35 states and the District of Columbia under 20 leading banners including Albertsons, Safeway, Vons, and Jewel-Osco. In addition to its retail operations, Albertsons also has a health and wellness business and a private brand portfolio. |
|||||
| Ransomware | Qantas Airways Limited id22967 View details | Australia | Transportation / Travel / Logistics | ||
|
qantas.com is the official website of Qantas, Australia’s flag carrier and a major airline group headquartered in Australia. The Qantas Group focuses on transporting passengers and freight through its airline brands, including Qantas and Jetstar, across domestic and international routes. As a transportation, travel, and logistics business, it supports flight booking, customer service, and broader airline operations for travelers and commercial customers. In the threat-intelligence index, qantas.com was listed as a ransomware victim associated with shinyhunters. |
|||||