ClaimScan helps you scan read-only email for possible class-action settlement matches, breach notices, receipts, and suspicious sender patterns. Breached still tracks every US data breach from official sources in plain English.
Every breach links back to the official report — SEC filings, state attorneys general, news, and security researchers.
ClaimScan looks for possible settlement matches, source records, deadlines, and evidence without treating a scan as legal advice.
Suspicious settlement emails, sender domains, and claim links can be checked against verified notices before you act.
TechCrunch reported that hackers stole student data during a breach at education technology company Instructure, which is widely known for its Canvas platform.
Sysco, a food distribution company, had data on approximately 2.7 million staff and customers exposed after a ShinyHunters extortion campaign resulted in the publication of corporate contact information.
American Tower had data on over 216,000 employees, contractors, customers, and leads exposed after a ShinyHunters extortion campaign in June 2026.
Madison Square Garden Sports had data on nearly 10 million accounts exposed after the ShinyHunters group carried out a pay-or-leak extortion campaign and published the stolen data online.
JCPenney suffered a data breach in June 2026 when ShinyHunters exploited a zero-day vulnerability in Oracle PeopleSoft, exposing personal and HR data for approximately 368,000 current and former employees.
Ralph Lauren had data on approximately 140,000 individuals exposed after the ShinyHunters group claimed to have extracted records from the company's Salesforce instance and published them as part of an extortion campaign.
International law enforcement, coordinated through Europol and Eurojust, disrupted the SocGholish malware network on 18 June 2026, providing HIBP with approximately 154,000 affected email addresses and over 500,000 previously unseen passwords.
CFGI, a financial consulting and advisory firm, had data on approximately 248,000 individuals exposed after the ShinyHunters group conducted an extortion campaign and subsequently published corporate contact information.
Infinite Campus, a student information system, had data on approximately 137,000 accounts stolen and published by the ShinyHunters group in March 2026 following an extortion campaign.
Berkadia, a commercial real estate finance company, had data from its Salesforce instance published by the ShinyHunters group in March 2026, exposing over 300,000 individuals' contact and employer information.
Baker Distributing Company had data on approximately 103,000 accounts exposed after the ShinyHunters extortion group published information allegedly taken from the company's SharePoint and Salesforce systems in May 2026.
BCD Travel, a corporate travel management company, had data on approximately 396,000 individuals exposed after ShinyHunters claimed the company as a victim of an extortion campaign and published the data publicly in early June 2026.
DentaQuest, a dental benefits administrator, had data on approximately 2.6 million individuals publicly leaked by the ShinyHunters group following an extortion campaign in May 2026.