<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
  <channel xmlns:atom="http://www.w3.org/2005/Atom">
    <title>Have I Been Pwned latest breaches</title>
    <link>https://haveibeenpwned.com/</link>
    <description>The latest publicly leaked data breaches to hit Have I Been Pwned</description>
    <atom:link href="https://haveibeenpwned.com/feed/breaches/" rel="self" type="application/rss+xml" />
    <item>
      <guid isPermaLink="false">Fluke</guid>
      <link>https://haveibeenpwned.com/Breach/Fluke</link>
      <title>Fluke - 821,100 breached accounts</title>
      <description>In July 2026, electronic test and measurement equipment company &lt;a href="https://breachnews.com/breaches/shinyhunters-adds-ingram-content-group-and-fluke-corporation-to-leak-site/" target="_blank" rel="noopener"&gt;Fluke was targeted in a ShinyHunters "pay or leak" extortion campaign&lt;/a&gt;. The group subsequently published more than 100GB of data allegedly taken from the company. The corpus contained largely corporate contact information, including over 800k unique email addresses, names, phone numbers and physical addresses. A large collection of support cases was also present.</description>
      <pubDate>Wed, 15 Jul 2026 08:01:04 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">GooseCreek</guid>
      <link>https://haveibeenpwned.com/Breach/GooseCreek</link>
      <title>Goose Creek - 6,574,121 breached accounts</title>
      <description>In June 2026, &lt;a href="https://www.reddit.com/r/goosecreekcandles/comments/1u1dulr/data_breach_email/" target="_blank" rel="noopener"&gt;a party claiming to have access to data from Goose Creek Candle Company sent emails to a number of the company's customers&lt;/a&gt;, claiming the company had a security vulnerability and suffered a data breach. The data was subsequently sent to Have I Been Pwned and contained 6.6M unique email addresses along with names, phone numbers, physical addresses, order IDs and total spent. The data appears to have been obtained from the company's Shopify instance. Goose Creek is aware of the reports but was unable to provide Have I Been Pwned with any further information at the time of publication.</description>
      <pubDate>Wed, 15 Jul 2026 05:03:14 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">GlendaleCommunityCollege</guid>
      <link>https://haveibeenpwned.com/Breach/GlendaleCommunityCollege</link>
      <title>Glendale Community College - 793,925 breached accounts</title>
      <description>In June 2026, &lt;a href="https://x.com/DarkWebInformer/status/2066611727106715692" target="_blank" rel="noopener"&gt;Glendale Community College was the target of a ShinyHunters "pay or leak" extortion campaign&lt;/a&gt;. Data allegedly obtained from Glendale was later published online and included almost 800k unique email addresses along with various other data fields, including names, addresses, phone numbers, Social Security numbers and other information relating to student enrolments. &lt;a href="https://glendale.edu/about-gcc/communications/update/" target="_blank" rel="noopener"&gt;In its disclosure notice&lt;/a&gt;, the college advised that "the potentially impacted information may vary for each individual and may include all or just one of the above-listed types of information".</description>
      <pubDate>Sat, 11 Jul 2026 10:40:09 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">MoodyBibleInstitute</guid>
      <link>https://haveibeenpwned.com/Breach/MoodyBibleInstitute</link>
      <title>Moody Bible Institute - 2,303,416 breached accounts</title>
      <description>In June 2026, &lt;a href="https://cyberinsider.com/moody-bible-institute-investigates-potential-data-breach-incident/" target="_blank" rel="noopener"&gt;Moody Bible Institute was targeted by a ShinyHunters "pay or leak" extortion campaign&lt;/a&gt;. Over 2.3M unique email addresses and other personal data were later published publicly, including names, physical addresses, phone numbers, dates of birth and other information relating to donors, supporters, students and alumni. &lt;a href="https://www.moodybible.org/news/2026/data-investigation/" target="_blank" rel="noopener"&gt;In their disclosure notice&lt;/a&gt;, Moody advised that they had "engaged both internal and external cybersecurity experts to thoroughly investigate the matter".</description>
      <pubDate>Fri, 03 Jul 2026 16:03:25 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">Sysco</guid>
      <link>https://haveibeenpwned.com/Breach/Sysco</link>
      <title>Sysco - 2,691,852 breached accounts</title>
      <description>In June 2026, the food distribution company &lt;a href="https://cybernews.com/news/sysco-shinyhunters-61-million-salesforce-records/" target="_blank" rel="noopener"&gt;Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign&lt;/a&gt;. Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely corporate contact information including names, phone numbers, physical addresses, internal job titles, and customer feedback.</description>
      <pubDate>Sun, 28 Jun 2026 15:57:29 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">AmericanTower</guid>
      <link>https://haveibeenpwned.com/Breach/AmericanTower</link>
      <title>American Tower - 216,601 breached accounts</title>
      <description>In June 2026, telecommunications tower infrastructure company &lt;a href="https://x.com/H4ckmanac/status/2065383723739046213" target="_blank" rel="noopener"&gt;American Tower was the target of a ShinyHunters "pay or leak" extortion campaign&lt;/a&gt;. The group subsequently published data allegedly taken from the company containing more than 200k unique email addresses belonging to employees, contractors, customers, and leads. Exposed data also included names, addresses, and phone numbers.</description>
      <pubDate>Fri, 26 Jun 2026 07:17:23 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">MadisonSquareGardenSports</guid>
      <link>https://haveibeenpwned.com/Breach/MadisonSquareGardenSports</link>
      <title>Madison Square Garden Sports - 9,796,738 breached accounts</title>
      <description>In June 2026, the sports and entertainment company &lt;a href="https://www.404media.co/hackers-publish-knicks-and-madison-square-garden-data-online/" target="_blank" rel="noopener"&gt;Madison Square Garden Sports was the target of a ShinyHunters "pay or leak" extortion campaign&lt;/a&gt;. The group later published the alleged data, which included almost 10M unique email addresses spanning staff and customers, along with extensive personal, employment and customer relationship information.</description>
      <pubDate>Wed, 24 Jun 2026 13:02:33 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">JCPenney</guid>
      <link>https://haveibeenpwned.com/Breach/JCPenney</link>
      <title>JCPenney - 368,418 breached accounts</title>
      <description>In June 2026, retailer &lt;a href="https://breachnews.com/breaches/shinyhunters-threatens-council-of-europe-american-tower-jcpenney-and-others-with-imminent-data-leaks/" target="_blank" rel="noopener"&gt;JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign&lt;/a&gt;. Data allegedly obtained from JCPenney through the exploitation of &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit" target="_blank" rel="noopener"&gt;a critical zero-day vulnerability in Oracle PeopleSoft&lt;/a&gt; was later published publicly. The exposed records indicated they primarily related to internal HR systems and impacted current and former employees. The data included 368k corporate and personal email addresses, names, dates of birth, Social Security numbers, phone numbers and home addresses.</description>
      <pubDate>Sat, 20 Jun 2026 03:02:45 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">RalphLauren</guid>
      <link>https://haveibeenpwned.com/Breach/RalphLauren</link>
      <title>Ralph Lauren - 139,903 breached accounts</title>
      <description>In June 2026, fashion retailer &lt;a href="https://cybernews.com/security/ralph-lauren-data-breach-claims/" target="_blank" rel="noopener"&gt;Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign&lt;/a&gt;. The group subsequently published hundreds of gigabytes of data they claimed was obtained from the organisation's Salesforce instance, including 140k unique email addresses along with names, phone numbers, genders and age groups.</description>
      <pubDate>Thu, 18 Jun 2026 22:48:34 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">OperationEndgame4</guid>
      <link>https://haveibeenpwned.com/Breach/OperationEndgame4</link>
      <title>Operation Endgame 4.0 - 4,160,519 breached accounts</title>
      <description>On 18 June 2026, the latest phase of &lt;a href="https://www.politie.nl/en/news/2026/june/18/international-law-enforcement-initiate-hunt-on-malware-group-socgholish.html" target="_blank" rel="noopener"&gt;Operation Endgame targeted the SocGholish malware operation&lt;/a&gt;, a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies with support from Europol and Eurojust, the operation remediated almost 15,000 compromised websites and disrupted more than 100 servers and domains used to distribute malware. Authorities initially provided HIBP with 154k impacted email addresses and more than half a million previously unseen passwords recovered during the operation. The following week, a further 4M email addresses and 9M passwords relating to &lt;a href="https://www.europol.europa.eu/media-press/newsroom/news/global-cyber-strike-disrupts-socgholish-amadey-and-stealc-malware-networks" target="_blank" rel="noopener"&gt;the StealC malware operation targeted by Operation Endgame&lt;/a&gt; were provided to HIBP, bringing the total to almost 4.2M unique email addresses.</description>
      <pubDate>Thu, 18 Jun 2026 20:08:06 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">CFGI</guid>
      <link>https://haveibeenpwned.com/Breach/CFGI</link>
      <title>CFGI - 248,235 breached accounts</title>
      <description>In March 2026, the financial consulting and advisory firm &lt;a href="https://x.com/AlvieriD/status/2029785330677936135" target="_blank" rel="noopener"&gt;CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign&lt;/a&gt;. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers and physical addresses.</description>
      <pubDate>Thu, 18 Jun 2026 03:22:51 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">June2026StealerLogs</guid>
      <link>https://haveibeenpwned.com/Breach/June2026StealerLogs</link>
      <title>June 2026 Stealer Logs - 56,278,397 breached accounts</title>
      <description>In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been added to &lt;a href="https://haveibeenpwned.com/Passwords"&gt;Pwned Passwords&lt;/a&gt; and are now searchable. Individuals can view any records captured against their email address in &lt;a href="https://haveibeenpwned.com/Dashboard/Redirect/StealerLogs"&gt;the stealer logs section of their dashboard&lt;/a&gt;. Organisations can see logs affecting their domain via &lt;a href="https://haveibeenpwned.com/API/v3#StealerLogsOverview"&gt;the stealer logs API&lt;/a&gt;.</description>
      <pubDate>Mon, 15 Jun 2026 19:30:15 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">Berkadia</guid>
      <link>https://haveibeenpwned.com/Breach/Berkadia</link>
      <title>Berkadia - 305,216 breached accounts</title>
      <description>In March 2026, the commercial real estate finance company &lt;a href="https://x.com/AlvieriD/status/2034584125106000005" target="_blank" rel="noopener"&gt;Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign&lt;/a&gt;. The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique email addresses as well as names, physical addresses and phone numbers, among other data.</description>
      <pubDate>Mon, 15 Jun 2026 04:09:04 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">InfiniteCampus</guid>
      <link>https://haveibeenpwned.com/Breach/InfiniteCampus</link>
      <title>Infinite Campus - 137,123 breached accounts</title>
      <description>In March 2026, the student information system &lt;a href="https://www.bleepingcomputer.com/news/security/infinite-campus-warns-of-breach-after-shinyhunters-claims-data-theft/" target="_blank" rel="noopener"&gt;Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign&lt;/a&gt;. The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along with names, phone numbers, physical addresses and support tickets. &lt;a href="https://www.reddit.com/r/k12sysadmin/comments/1s12xx7/infinite_campus_incident/" target="_blank" rel="noopener"&gt;Infinite Campus subsequently sent notifications&lt;/a&gt;, advising that the exposed data largely consisted of "names and contact information for school staff" and that "the majority is directory information commonly found on school websites".</description>
      <pubDate>Mon, 15 Jun 2026 01:03:42 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">UniversityOfNottingham</guid>
      <link>https://haveibeenpwned.com/Breach/UniversityOfNottingham</link>
      <title>University of Nottingham - 454,635 breached accounts</title>
      <description>In June 2026, &lt;a href="https://www.bbc.com/news/articles/ckg0lkp042zo" target="_blank" rel="noopener"&gt;the University of Nottingham was the target of a cyber attack&lt;/a&gt;, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. &lt;a href="https://www.nottingham.ac.uk/currentstudents/news/student-and-alumni-data-has-been-compromised-in-a-data-security-incident" target="_blank" rel="noopener"&gt;In a post about the incident&lt;/a&gt;, the university advised that the breach affected both "current students, and alumni".</description>
      <pubDate>Wed, 10 Jun 2026 22:13:31 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">BakerDistributing</guid>
      <link>https://haveibeenpwned.com/Breach/BakerDistributing</link>
      <title>Baker Distributing - 102,935 breached accounts</title>
      <description>In May 2026, the HVAC/R wholesale distributor &lt;a href="https://x.com/DailyDarkWeb/status/2062522924582502737" target="_blank" rel="noopener"&gt;Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site&lt;/a&gt;. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HVAC contractor customer base. The exposed data was largely corporate contact and support information with limited sensitivity.</description>
      <pubDate>Sun, 07 Jun 2026 06:16:36 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">BCDTravel</guid>
      <link>https://haveibeenpwned.com/Breach/BCDTravel</link>
      <title>BCD Travel - 396,313 breached accounts</title>
      <description>In May 2026, the corporate travel management company &lt;a href="https://www.ictmagazine.nl/nieuws/shinyhunters-claimt-datadiefstal-bij-groot-internationaal-zakenreisbureau/" target="_blank" rel="noopener"&gt;BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign&lt;/a&gt;. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.</description>
      <pubDate>Fri, 05 Jun 2026 06:53:15 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">DentaQuest</guid>
      <link>https://haveibeenpwned.com/Breach/DentaQuest</link>
      <title>DentaQuest - 2,553,599 breached accounts</title>
      <description>In May 2026, the dental benefits administrator &lt;a href="https://x.com/DarkWebInformer/status/2060540499740479800" target="_blank" rel="noopener"&gt;DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign&lt;/a&gt; that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (&lt;a href="https://en.wikipedia.org/wiki/ASC_X12" target="_blank" rel="noopener"&gt;ASC X12 transaction sets&lt;/a&gt;) with some containing Medicaid IDs, while additional data appeared in member records and related files. &lt;a href="https://www.dentaquest.com/en/security-update-0526" target="_blank" rel="noopener"&gt;DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network"&lt;/a&gt;, and advised they had contained the attack and mitigated the threat.</description>
      <pubDate>Wed, 03 Jun 2026 22:56:30 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">Edmunds</guid>
      <link>https://haveibeenpwned.com/Breach/Edmunds</link>
      <title>Edmunds - 177,860 breached accounts</title>
      <description>In January 2026, the automotive research and car-shopping platform &lt;a href="https://cybernews.com/security/edmunds-data-breach-shiny-hunters/" target="_blank" rel="noopener"&gt;Edmunds was listed by the ShinyHunters hacking group as having been breached&lt;/a&gt;. Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords, IP addresses, phone numbers and vehicle-related records.</description>
      <pubDate>Mon, 01 Jun 2026 07:39:02 Z</pubDate>
    </item>
    <item>
      <guid isPermaLink="false">AtlasMenu</guid>
      <link>https://haveibeenpwned.com/Breach/AtlasMenu</link>
      <title>Atlas Menu - 63,926 breached accounts</title>
      <description>In May 2026, the GTA V and CS2 cheat service &lt;a href="https://atlasmenu.net" target="_blank" rel="noopener"&gt;Atlas Menu&lt;/a&gt; suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses along with usernames, IP addresses, support tickets and passwords stored as bcrypt hashes.</description>
      <pubDate>Sat, 30 May 2026 23:35:29 Z</pubDate>
    </item>
  </channel>
</rss>