Skip to content
Cyber Breaches
Search
Data breachResolved

BCD Travel data breach (2026)

In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses.

Victim
BCD Travel
records
396.3K
SectorMedia

Imported from Have I Been Pwned — pending editorial review and translation to French. The summary below is machine-extracted; consult the source for details.

In 2026-05-29, BCD Travel was affected by a data breach. Approximately 396,313 accounts were exposed. In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses.

Sources

  1. haveibeenpwned.comhttps://haveibeenpwned.com/PwnedWebsites#BCDTravel
  2. bcdtravel.comhttps://bcdtravel.com

Related incidents

Data breachResolved

Cushman & Wakefield data breach (2026)

In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with…

Victim
Cushman & Wakefield
Records
310.4K
Data breachContained

Acrimed: online shop hit by a cyberattack

On 29 April 2026, French media-criticism association Acrimed disclosed a cyberattack on its online shop that exposed customers' email addresses, encrypted passwords and order history; names, postal addresses, phone numbers and banking details were said to be unaffected.

Victim
Acrimed
Data breachResolved

CTT data breach (2026)

In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve the tracking history of the parcel.

Victim
CTT
Records
468.1K
Data breachResolved

ADT data breach (2026)

In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses.

Victim
ADT
Records
5.5M