Skip to main content
Cyber Made Simple
Get started
Breach awareness

Recent data breaches

We track public breach incidents so you can spot what might affect you — without turning CMS2 into a threat-intelligence platform. Check your own email with our free tool.

Check my emailCheck a domain

  • Charter

    1 May 2026

    corporate.charter.com

    Charter Communications, a telecommunications company, was allegedly targeted by the ShinyHunters group in May 2026, exposing customer data including email addresses, phone numbers, usernames, physical addresses, purchase records, dates of birth, and geographic locations.

    49,295,990 records exposedTelecommunication

    Data types: Email addresses, Phone numbers, Usernames, Physical addresses, Purchases, Dates of birth, Geographic locations

  • CushmanWakefield

    1 May 2026

    cushmanwakefield.com

    Cushman & Wakefield, a real estate services firm, was targeted by the ShinyHunters group in May 2026, with data later published exposing corporate contact records including email addresses, names, job titles, company addresses, and phone numbers.

    1,098,755 records exposedFinance

    Data types: Email addresses, Names, Physical addresses, Phone numbers

  • AtlasMenu

    1 May 2026

    atlasmenu.net

    Atlas Menu, a GTA V and CS2 cheat service, was breached in May 2026 when an attacker allegedly gained access to all company systems and published the database online, exposing 64k unique email addresses along with usernames, IP addresses, support tickets, and bcrypt password hashes.

    64,085 records exposedEntertainment

    Data types: Email addresses, Passwords, Usernames, IP addresses, Support tickets

  • McGrawHill

    1 Apr 2026

    mheducation.com

    McGraw Hill, an education company, confirmed a breach in April 2026 following an extortion attempt, with over 100GB of data later publicly distributed exposing 14.4M unique email addresses along with some names, physical addresses, and phone numbers.

    14,430,356 records exposedEducation

    Data types: mail addresses, Names, Physical addresses, Phone numbers

  • PitneyBowes

    1 Apr 2026

    pitneybowes.com

    Pitney Bowes, a shipping and mailing services company, was allegedly breached in April 2026 by the ShinyHunters group, with data later released publicly exposing 8.3M unique email addresses along with names, phone numbers, and physical addresses.

    8,315,403 records exposedInformation Technology

    Data types: Email addresses, Names, Physical addresses, Phone numbers

  • CarnivalCorporation

    1 Apr 2026

    carnivalcorp.com

    Carnival Corporation, a cruise operator, was allegedly breached by the ShinyHunters group in April 2026, with data later published exposing 8.7M records containing 7.5M unique email addresses, along with names, dates of birth, genders, and loyalty program details related to the Holland America Mariner Society.

    7,549,706 records exposedHospitality

    Data types: Email addresses, Names, Genders, Dates of birth, Geographic locations

  • ADT

    1 Apr 2026

    adt.com

    ADT, a home security company, confirmed a breach in April 2026 by the ShinyHunters group, exposing 5.5M unique email addresses along with names, phone numbers, physical addresses, and in some cases dates of birth and the last four digits of Social Security or Tax ID numbers.

    5,501,080 records exposedInformation Technology

    Data types: Email addresses, Names, Phone numbers, Physical addresses, Partial government issued IDs

  • Amtrak

    1 Apr 2026

    amtrak.com

    Amtrak, a passenger rail service, was allegedly breached by the ShinyHunters hacking group in April 2026, exposing over 2M unique email addresses along with names, physical addresses, and customer support records.

    2,206,972 records exposedTransport

    Data types: Email addresses, Names, Physical addresses

  • MarcusMillichap

    1 Apr 2026

    marcusmillichap.com

    Marcus & Millichap, a real estate brokerage and advisory firm, was allegedly breached by the ShinyHunters group, exposing 1.8M email addresses along with personal information.

    1,878,051 records exposedFinance

    Data types: Email addresses, Names, Phone numbers, Usernames, Physical addresses

  • Udemy

    1 Apr 2026

    udemy.com

    Udemy, an online training platform, suffered a breach in April 2026 in an extortion attempt by the ShinyHunters group, with data later leaked publicly exposing 1.4M unique email addresses along with names, physical addresses, phone numbers, employer information, and instructor payout methods.

    1,402,639 records exposedEducation

    Data types: Email addresses, Names, Phone numbers, Physical addresses, Employers, Job titles

  • Abrigo

    1 Apr 2026

    abrigo.com

    Abrigo, a fintech software company, was targeted by the ShinyHunters group in April 2026, with data allegedly taken from its Salesforce instance later published publicly exposing over 779k unique email addresses along with employee and business contact information including names, institution names, and phone numbers.

    779,342 records exposedFinance

    Data types: Email addresses, Names, Physical addresses, Phone numbers

  • SongTrivia2

    1 Apr 2026

    songtrivia2.io

    SongTrivia2, a music trivia platform, was compromised in April 2026 with the data later published on a public hacking forum, exposing 291k unique email addresses from Google OAuth and site accounts, along with names, usernames, and bcrypt password hashes for non-OAuth users.

    291,815 records exposedEntertainment

    Data types: Email addresses, Names, Usernames, Passwords, Auth tokens

  • AmanResorts

    1 Apr 2026

    aman.com

    Aman, an ultra-luxury hotel brand, was allegedly targeted by the ShinyHunters group in April 2026 with data later leaked publicly, exposing over 262k unique email addresses along with some names, phone numbers, physical addresses, nationalities, dates of birth, and spouse names,.

    262,340 records exposedHospitality

    Data types: Email addresses, Names, Nationalities, Phone numbers, Email, Physical addresses, Spouses names

  • Zara

    1 Apr 2026

    zara.com

    Zara, a fashion retailer, was targeted by the ShinyHunters group in April 2026 following an alleged compromise linked to the Anodot analytics platform, with data later published exposing 197k unique email addresses alongside support ticket records, product SKUs, order IDs, and market information.

    256,847 records exposedRetail

    Data types: Email addresses, Geographic locations

  • Kemper

    1 Apr 2026

    kemper.com

    Kemper Corporation, an American insurance holding company, was targeted by the ShinyHunters group in April 2026, with data later published exposing 255K unique email addresses along with names, phone numbers, and physical addresses.

    255,390 records exposedFinance

    Data types: Email addresses, Geographic locations, Names, Phone numbers, Purchases

  • CanadaLife

    1 Apr 2026

    canadalife.com

    Canada Life, an insurance and financial services company, was targeted by the ShinyHunters group in April 2026, with data later published exposing over 238k unique email addresses along with names, phone numbers, physical addresses, and some customer support tickets.

    238,262 records exposedFinance

    Data types: Email addresses, Names, Physical addresses, Phone numbers

  • Vimeo

    1 Apr 2026

    vimeo.com

    Vimeo, a video hosting platform, was listed by the ShinyHunters group in April 2026 following a breach linked to third-party analytics vendor Anodot, with data later leaked publicly exposing 119k unique email addresses along with video titles, technical data, and metadata.

    121,476 records exposedEntertainment

    Data types: Email addresses, Names

  • MyLovelyAI

    1 Apr 2026

    mylovely.ai

    My Lovely AI, an NSFW AI companion platform, was compromised in April 2026, exposing over 106k users and leaking user-created prompts, and links to generated images.

    106,544 records exposedEntertainment

    Data types: Email addresses, Social media profiles

  • Mytheresa

    1 Apr 2026

    mytheresa.com

    Mytheresa, a luxury fashion e-commerce platform, was targeted by the ShinyHunters group in April 2026, with data later released publicly exposing 84k unique email addresses along with names, phone numbers, physical addresses, purchase records, and partial payment card details including card type, last four digits, and expiry date.

    84,370 records exposedRetail

    Data types: Email addresses, Names, Phone numbers, Physical addresses, Partial credit card data, Purchases

  • Addi

    1 Mar 2026

    addi.com

    Addi, a Colombian fintech company, identified unauthorized activity in March 2026 with the ShinyHunters group, later publishing a large dataset allegedly obtained from the company, exposing 25M unique email addresses along with government ID numbers, purchases, and other credit-related information.

    25,934,104 records exposedFinance

    Data types: Email addresses, Names, Government issued IDs, IP addresses, Phone numbers, Physical addresses, Purchases

  • ZenBusiness

    1 Mar 2026

    zenbusiness.com

    ZenBusiness, a business formation and compliance platform, was allegedly breached by the ShinyHunters group in March 2026, with multiple terabytes of data later released publicly exposing approximately 12M unique email addresses along with names, phone numbers, support records, lead data, and other CRM-related information.

    11,854,655 records exposedFinance

    Data types: Email addresses, Names, Usernames, Phone numbers, Physical addresses

  • CalAI

    1 Mar 2026

    calai.app

    Cal AI, an AI-powered calorie tracking app, was breached in March 2026, exposing over 3M user records including more than 2.8M unique email addresses, names, dates of birth, genders, usernames, and linked social media profiles.

    2,830,009 records exposedInformation Technology

    Data types: Email addresses, Genders, Dates of birth, Usernames, Social media profiles

  • Hallmark

    1 Mar 2026

    hallmark.com

    Hallmark, a greeting card and media company, experienced an alleged breach and extortion incident in March 2026 involving data stored in Salesforce, with the data later published exposing 1.8M unique email addresses across Hallmark and Hallmark+ accounts, along with names, phone numbers, and physical addresses.

    1,796,130 records exposedRetail

    Data types: Email addresses, Names, Phone numbers, Physical addresses

  • Baydoner

    1 Mar 2026

    baydoner.com

    Baydöner, a Turkish restaurant chain, was compromised in March 2026 with data later published on a public hacking forum, exposing over 1.2M unique email addresses along with names, phone numbers, cities of residence, plaintext passwords, and in some cases national ID numbers and dates of birth.

    1,257,021 records exposedFood

    Data types: Email addresses, Genders, Dates of birth, Names, Passwords

  • TLDRtech

    1 Mar 2026

    TLDR.Tech

    TLDR.tech, a tech newsletter platform, had data exposed via an Apollo enrichment API endpoint in March 2026, leaking over 1.2M user records including email addresses, names, usernames, geographic locations, and linked social media profiles.

    1,230,792 records exposedNews Media

    Data types: Email addresses, Names, Usernames, Geographic locations, Social media profiles

  • Aura

    1 Mar 2026

    aura.com

    Aura, an online safety service, disclosed a breach in March 2026 that exposed 900k unique email addresses, with data primarily linked to a marketing tool from an acquired company; the incident included names, phone numbers, and physical and IP addresses.

    922,685 records exposedInformation Technology

    Data types: Email addresses, Names, Phone numbers, Physical addresses, IP addresses

  • Ameriprise

    1 Mar 2026

    ameriprise.com

    Ameriprise Financial, a financial services firm, was targeted by the ShinyHunters group in March 2026, with data later published exposing 500k unique email addresses along with names, phone numbers, physical addresses, and employer information.

    459,362 records exposedFinance

    Data types: Email addresses, Financial transactions, Job titles, Phone numbers, Names, Physical addresses

  • Breachforums.V5

    1 Mar 2026

    breachforums.bf

    BreachForums Version 5, a hacking forum, was publicly exposed in March 2026, leaking 340k unique email addresses along with usernames and Argon2 password hashes.

    340,218 records exposedMiscellaneous

    Data types: Email addresses, Usernames, Passwords

  • CFGI

    1 Mar 2026

    cfgi.com

    CFGI, a consulting and advisory firm, disclosed a data breach in March 2026 that exposed over 800k records, including more than 40k financial documents and internal corporate data. Of these, 250k were unique email addresses. The compromised data included names, phone numbers, physical addresses, usernames, and geographic locations.

    250,514 records exposedFinance

    Data types: Email addresses, Phone numbers, Names, Physical addresses, Usernames, Geographic locations,

  • CutiesAI

    1 Mar 2026

    cuties.ai

    Cuties AI, an NSFW AI companion platform, was compromised in March 2026 with the data later published on a public hacking forum, exposing 153k unique email addresses along with display names, avatars, prompts and descriptions used to generate images, and URLs to the generated content.

    153,765 records exposedEntertainment

    Data types: Email addresses, Names

Breach data provided by XposedOrNot.