Canada Life suffered a data breach in April 2026 when the ShinyHunters group stole and published data on over 237,000 customers, including names, email addresses, phone numbers, physical addresses, and support tickets.
In May 2026, real estate services firm Cushman & Wakefield had data on approximately 310,000 accounts exposed after the ShinyHunters group carried out an extortion campaign and published stolen corporate contact records.
Woflow, an AI-driven merchant data platform, had data on approximately 447,593 accounts exposed after the ShinyHunters extortion group published files allegedly stolen from the company in March 2026.
Marcus & Millichap, a commercial real estate brokerage, had data on approximately 1.8 million individuals exposed after being named as an alleged victim of the ShinyHunters hacking group in April 2026.
ZenBusiness, a business formation platform, had data on approximately 5.1 million accounts exposed after the hacker group ShinyHunters claimed to have exfiltrated records from multiple platforms and publicly released the data following an unpaid ransom demand.
Aman, an ultra-luxury hotel brand, suffered a data breach in April 2026 when ShinyHunters obtained customer records from their Salesforce CRM and later leaked them publicly.
Udemy suffered a data breach affecting 1.4 million accounts, with customer and instructor information including email addresses, names, addresses, phone numbers, and payment methods exposed.
SUCCESS, a personal development media brand, suffered a data breach in March 2026 exposing approximately 253,510 accounts with names, email addresses, phone numbers, and other personal information.
Pitney Bowes suffered a data breach in April 2026 affecting approximately 8.2 million individuals, with ShinyHunters claiming responsibility and publicly releasing the stolen data.
McGraw Hill confirmed a data breach in April 2026 affecting 13.5 million accounts, exposing email addresses, names, phone numbers, and physical addresses due to a Salesforce misconfiguration.
Hallmark suffered a breach in March 2026 after attackers accessed data stored in Salesforce, exposing approximately 1.7 million customer records.
Turkish restaurant chain Baydöner suffered a data breach in March 2026 exposing over 1.2 million customer records including names, email addresses, phone numbers, and plaintext passwords.
Aura disclosed a data breach in March 2026 affecting over 900,000 customer records, primarily from a marketing tool associated with a previously acquired company.
ADT confirmed a data breach affecting 5.5 million customers in April 2026, with ShinyHunters claiming responsibility and threatening to leak the data.