ShinyHunters is a cybercriminal group of unknown origin that is motivated by financial gain.
ShinyHunters is a cybercriminal group of unknown origin that is motivated by financial gain. The group is known for its sophisticated attacks against a wide range of targets, including businesses, organizations, and government agencies. ShinyHunters typically uses phishing attacks and exploit kits to gain access to victim networks, where they deploy malware to steal sensitive data, such as names, addresses, phone numbers, Social Security numbers, and credit card information.
Home medical equipment provider AdaptHealth disclosed a material cybersecurity incident in which a social-engineering attack on a third-party contractor let a threat actor into its cloud systems and reach patient personal and health information.
Medical device maker Medtronic began notifying roughly 3.8 million people that their personal data was exposed when the ShinyHunters extortion group accessed its corporate IT systems in April 2026.
Nissan's Americas operations disclosed that attackers exploiting a zero-day in Oracle PeopleSoft accessed sensitive data belonging to current and former employees in the United States, Canada, Mexico and Brazil.
The National Association of Insurance Commissioners disclosed on 23 June 2026 that attackers exploited an Oracle PeopleSoft zero-day to access part of its environment, and by 25 June the extortion group ShinyHunters had published the stolen data online, claiming more than 3.1 terabytes.
Victim
National Association of Insurance Commissioners (NAIC)
Imaging and materials company Eastman Kodak confirmed that an unauthorised third party temporarily accessed a limited amount of company data, after the ShinyHunters extortion gang listed Kodak on its dark-web leak site and claimed to hold more than 2.2 million records of customer and internal corporate data.
The ShinyHunters extortion gang published data it claims to have stolen from Madison Square Garden Sports β owner of the New York Knicks and Rangers β after the company missed a ransom deadline.
The extortion group ShinyHunters claimed it stole roughly 297GB of payroll, HR and financial records belonging to more than 10,000 current and former Council of Europe staff by exploiting the Oracle PeopleSoft zero-day CVE-2026-35273, prompting the intergovernmental body to investigate.
The University of Nottingham confirmed a cyber incident after the ShinyHunters extortion group claimed to have stolen around 40 GB of data from its student-records system, exposing roughly 455,000 email addresses along with names, passport numbers, and fee-payment details.
Oracle issued an emergency out-of-band alert after the ShinyHunters crew exploited a critical unauthenticated remote-code-execution zero-day in PeopleSoft PeopleTools to steal data from more than 100 organisations, most of them universities.
After negotiations stalled, the ShinyHunters extortion crew published data it claimed to have stolen from Baker Distributing's Salesforce and SharePoint systems, exposing more than 100,000 customer email addresses and contact records.
Dental benefits administrator DentaQuest confirmed a network breach after the extortion group ShinyHunters leaked roughly 234 GB of stolen data, exposing personal, identity, and health-insurance information tied to about 2.6 million accounts.
ShinyHunters exploited Canvas's Free-For-Teacher account programme to exfiltrate 3.65 TB of data spanning approximately 275 million users across nearly 9,000 schools β names, email addresses, student IDs, and some private messages between students and teachers. Instructure reportedly paid the ransom and the data was destroyed.
A threat cluster tracked as UNC5537 / ShinyHunters used credentials harvested by infostealer malware to log into ~160 Snowflake customer tenants that lacked MFA. Victims included AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, and Bausch Health. Ticketmaster alone exposed data for ~560 million users.
Victim
Snowflake customer tenants (~160 organisations: AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, Bausch Health, et al.)