Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
June 2026 Stealer Logs
| Added Date: |
6/15/2026 |
| Breach Date: |
6/15/2026 |
| Updated Date: |
6/15/2026 |
| Breach Count: |
56,278,397 |
| Content: |
Email addresses, Passwords |
| Domain: |
n/a |
Description:
In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been added to Pwned Passwords and are now searchable. Individuals can view any records captured against their email address in the stealer logs section of their dashboard. Organisations can see logs affecting their domain via the stealer logs API.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Berkadia
| Added Date: |
6/14/2026 |
| Breach Date: |
3/19/2026 |
| Updated Date: |
6/14/2026 |
| Breach Count: |
305,216 |
| Content: |
Email addresses, Employers, Names, Phone numbers, Physical addresses |
| Domain: |
berkadia.com |
Description:
In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique email addresses as well as names, physical addresses and phone numbers, among other data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Infinite Campus
| Added Date: |
6/14/2026 |
| Breach Date: |
3/18/2026 |
| Updated Date: |
6/14/2026 |
| Breach Count: |
137,123 |
| Content: |
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Support tickets, Usernames |
| Domain: |
infinitecampus.com |
Description:
In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along with names, phone numbers, physical addresses and support tickets. Infinite Campus subsequently sent notifications, advising that the exposed data largely consisted of "names and contact information for school staff" and that "the majority is directory information commonly found on school websites".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
University of Nottingham
| Added Date: |
6/10/2026 |
| Breach Date: |
6/9/2026 |
| Updated Date: |
6/10/2026 |
| Breach Count: |
454,635 |
| Content: |
Academic records, Citizenship statuses, Dates of birth, Disabilities, Email addresses, Ethnicities, Genders, IP addresses, Names, Passport numbers, Phone numbers, Physical addresses, Purchases, Salutations, Usernames |
| Domain: |
nottingham.ac.uk |
Description:
In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Baker Distributing
| Added Date: |
6/7/2026 |
| Breach Date: |
5/23/2026 |
| Updated Date: |
6/7/2026 |
| Breach Count: |
102,935 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses, Support tickets |
| Domain: |
bakerdist.com |
Description:
In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HVAC contractor customer base. The exposed data was largely corporate contact and support information with limited sensitivity.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
BCD Travel
| Added Date: |
6/5/2026 |
| Breach Date: |
5/29/2026 |
| Updated Date: |
6/5/2026 |
| Breach Count: |
396,313 |
| Content: |
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Support tickets |
| Domain: |
bcdtravel.com |
Description:
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
DentaQuest
| Added Date: |
6/3/2026 |
| Breach Date: |
5/23/2026 |
| Updated Date: |
6/3/2026 |
| Breach Count: |
2,553,599 |
| Content: |
Dates of birth, Email addresses, Genders, Government issued IDs, Health insurance information, Names, Phone numbers, Physical addresses |
| Domain: |
dentaquest.com |
Description:
In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network", and advised they had contained the attack and mitigated the threat.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Edmunds
| Added Date: |
6/1/2026 |
| Breach Date: |
1/24/2026 |
| Updated Date: |
6/1/2026 |
| Breach Count: |
177,860 |
| Content: |
Device information, Email addresses, IP addresses, Passwords, Phone numbers, Usernames |
| Domain: |
edmunds.com |
Description:
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords, IP addresses, phone numbers and vehicle-related records.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Atlas Menu
| Added Date: |
5/30/2026 |
| Breach Date: |
5/30/2026 |
| Updated Date: |
5/30/2026 |
| Breach Count: |
63,926 |
| Content: |
Email addresses, IP addresses, Passwords, Support tickets, Usernames |
| Domain: |
atlasmenu.net |
Description:
In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses along with usernames, IP addresses, support tickets and passwords stored as bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Charter
| Added Date: |
5/28/2026 |
| Breach Date: |
5/23/2026 |
| Updated Date: |
5/28/2026 |
| Breach Count: |
4,851,517 |
| Content: |
Email addresses, Job titles, Names, Phone numbers, Physical addresses |
| Domain: |
charter.com |
Description:
In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group later published the data, which exposed 4.9M unique email addresses along with names, phone numbers and physical addresses. A subset of approximately 85k records originating from an internal employee directory also included job titles. Charter confirmed the incident, but stated that no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Kemper
| Added Date: |
5/28/2026 |
| Breach Date: |
4/15/2026 |
| Updated Date: |
5/28/2026 |
| Breach Count: |
269,299 |
| Content: |
Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases |
| Domain: |
kemper.com |
Description:
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of gigabytes of data they claimed included internal directory data, Salesforce records and Stripe payment logs. Among the 269k unique email addresses were names, phone numbers, physical addresses and partial payment card data including the last 4 digits, expiry dates and card brands. Kemper confirmed the incident and stated they had engaged third-party cybersecurity experts and notified law enforcement.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Mytheresa
| Added Date: |
5/27/2026 |
| Breach Date: |
4/12/2026 |
| Updated Date: |
5/27/2026 |
| Breach Count: |
84,108 |
| Content: |
Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Salutations |
| Domain: |
mytheresa.com |
Description:
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also included names, phone numbers, physical addresses, purchases and partial credit card data including card type, last 4 digits and expiry date.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Ameriprise
| Added Date: |
5/26/2026 |
| Breach Date: |
3/2/2026 |
| Updated Date: |
5/26/2026 |
| Breach Count: |
502,597 |
| Content: |
Email addresses, Employers, Financial transactions, Job titles, Names, Phone numbers, Physical addresses |
| Domain: |
ameriprise.com |
Description:
In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure, and subsequently published the data after negotiations allegedly failed. The published data contained 500k unique email addresses as well as names, phone numbers, physical addresses and employer information. In their disclosure to state attorneys general, Ameriprise reported 47,876 affected people; the larger email address population represents contacts from Ameriprise's broader operational systems, including internal staff. Ameriprise further advised that they have "implemented heightened monitoring of your account(s) to include enhanced identity verification procedures".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
7-Eleven
| Added Date: |
5/24/2026 |
| Breach Date: |
4/8/2026 |
| Updated Date: |
5/24/2026 |
| Breach Count: |
185,256 |
| Content: |
Dates of birth, Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
7-eleven.com |
Description:
In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of records also contained additional exposed data fields. The company later advised the breach was limited to "certain 7-Eleven systems used to store franchisee documents", a statement consistent with the exposed data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Dragonica Lunaris
| Added Date: |
5/20/2026 |
| Breach Date: |
12/6/2025 |
| Updated Date: |
5/20/2026 |
| Breach Count: |
126,293 |
| Content: |
Dates of birth, Email addresses, Names, Passwords, Spoken languages, Usernames |
| Domain: |
playdragonica.eu |
Description:
In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes. The service operator confirmed the breach and advised it has since been fixed.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Windows93 / Myspace93
| Added Date: |
5/20/2026 |
| Breach Date: |
1/1/2021 |
| Updated Date: |
5/20/2026 |
| Breach Count: |
46,105 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
windows93.net |
Description:
In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data was later leaked in June and included 46k Myspace93 accounts containing email and IP addresses, usernames and passwords stored in plain text.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
CTT
| Added Date: |
5/18/2026 |
| Breach Date: |
4/26/2026 |
| Updated Date: |
5/18/2026 |
| Breach Count: |
468,124 |
| Content: |
Email addresses, Names, Phone numbers |
| Domain: |
ctt.pt |
Description:
In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve the tracking history of the parcel.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Addi
| Added Date: |
5/18/2026 |
| Breach Date: |
3/25/2026 |
| Updated Date: |
5/18/2026 |
| Breach Count: |
34,532,941 |
| Content: |
Age groups, Credit scores, Device information, Email addresses, Government issued IDs, Income levels, IP addresses, Latitude and longitude pairs, Names, Phone numbers, Physical addresses, Purchases, Socioeconomic levels |
| Domain: |
addi.com |
Description:
In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from credit scoring requests, credit bureau records, customer identity records and email validation logs. It also contained government issued IDs (Cédula de Ciudadanía), estimated income, socioeconomic levels, purchases and other credit-related data points.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Abrigo
| Added Date: |
5/13/2026 |
| Breach Date: |
4/14/2026 |
| Updated Date: |
5/13/2026 |
| Breach Count: |
711,099 |
| Content: |
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses |
| Domain: |
abrigo.com |
Description:
In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belonging to both Abrigo staff and external contacts. Whilst separate from Abrigo's Salesforce compromise via the Drift application connector the previous year, the data fields described in that incident are consistent with the ShinyHunters data, namely that it was "business contact information" including "institution name, employee name, email addresses, and phone numbers".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Canada Life
| Added Date: |
5/13/2026 |
| Breach Date: |
4/20/2026 |
| Updated Date: |
5/13/2026 |
| Breach Count: |
237,810 |
| Content: |
Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations, Support tickets |
| Domain: |
canadalife.com |
Description:
In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets. In their disclosure notice, Canada Life advised that "it is a small proportion of our customers who may have been impacted". In the wake of the incident, Canada Life also published an alert cautioning customers to be wary of phishing attacks, a pattern often seen after the public release of breached data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: