Home > Security > Security News

140,000 Records Leaked in Ralph Lauren ShinyHunters Salesforce Breach

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
One unlocked padlock among locked padlocks
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Extortion Campaign: ShinyHunters targeted fashion retailer Ralph Lauren in a June 2026 "pay or leak" extortion attack.
  • Data Published: The group leaked hundreds of gigabytes of data allegedly taken from Ralph Lauren's Salesforce instance.
  • Records Exposed: The leak exposed almost 140,000 unique email addresses, along with names, phone numbers, and more.

Roughly 140,000 Ralph Lauren breached accounts were added to the breach notification service Have I Been Pwned (HIBP) on June 18, 2026. The fashion retailer was targeted by the ShinyHunters hacking group in a June 2026 extortion campaign. The threat actors deployed a "pay or leak" strategy, demanding payment before publishing stolen data they claimed to have obtained from the company.

What Data Was Exposed in the Ralph Lauren Breach

The leaked dataset contained 139,903 unique email addresses and associated identifiers. According to HIBP, the compromised data categories were:

ShinyHunters announces a Ralph Lauren intrusion | Source: HackManac on X
ShinyHunters announces a Ralph Lauren intrusion | Source: HackManac on X

The Ralph Lauren data breach claim was observed on June 11, with ShinyHunters alleging ownership of customer personally identifiable information (PII), purchase and transaction records, and documents containing plans for unreleased products and collections.

ShinyHunters Claimed Ralph Lauren

ShinyHunters subsequently published hundreds of gigabytes of data, which the group claimed was sourced from Ralph Lauren's Salesforce instance under a "pay or leak" model. 

By centering the attack on a Salesforce environment, the campaign aligns with the broader pattern of ShinyHunters' activity targeting cloud-based CRM platforms, including the data breaches at Infinite Campus and Kemper Corporation.

The incident adds Ralph Lauren to the growing list of organizations named in ShinyHunters extortion activity, with other recent incidents including the recent Amazon One Medical compromise, the confirmed Kodak intrusion, and the Council of Europe data breach.

Add a Comment
Related
Klue Supply Chain Breach: Icarus Steals Salesforce Data From Huntress
Bulgaria Let Circles Export Surveillance Tech to Repressive Regimes, Human Rights Watch Says
New York Man Charged With AI-Image Cyberstalking in Georgia
data breach
Nintendo Confirms TinyPulse Data Stolen in Shadowbyt3$ Extortion Attack
Healthcare Data Breach Email Nurse
Amazon’s One Medical Senior Health Announces Data Breach, ShinyHunters Claims Stealing 8.8 TB
Dutch Police Arrest Six in Amsterdam Bank Helpdesk Fraud Raid
Most Popular
Protection against Ransomware
The Growing and Real Threat of Ransomware: Trends, Tactics, and Staying Ahead
Klue Supply Chain Breach: Icarus Steals Salesforce Data From Huntress
Proton VPN 5th Audit & Infrastructure Review Confirms No-Logs Policy
Proton VPN Passes its Independent No-Logs Audit for 5th Consecutive Year
Bulgaria Let Circles Export Surveillance Tech to Repressive Regimes, Human Rights Watch Says
New York Man Charged With AI-Image Cyberstalking in Georgia
data breach
Nintendo Confirms TinyPulse Data Stolen in Shadowbyt3$ Extortion Attack
The Growing and Real Threat of Ransomware: Trends, Tactics, and Staying Ahead
Klue Supply Chain Breach: Icarus Steals Salesforce Data From Huntress
Proton VPN Passes its Independent No-Logs Audit for 5th Consecutive Year
Bulgaria Let Circles Export Surveillance Tech to Repressive Regimes, Human Rights Watch Says
New York Man Charged With AI-Image Cyberstalking in Georgia
Nintendo Confirms TinyPulse Data Stolen in Shadowbyt3$ Extortion Attack

Most Popular
Protection against Ransomware
The Growing and Real Threat of Ransomware: Trends, Tactics, and Staying Ahead
Klue Supply Chain Breach: Icarus Steals Salesforce Data From Huntress
Proton VPN 5th Audit & Infrastructure Review Confirms No-Logs Policy
Proton VPN Passes its Independent No-Logs Audit for 5th Consecutive Year
Bulgaria Let Circles Export Surveillance Tech to Repressive Regimes, Human Rights Watch Says
New York Man Charged With AI-Image Cyberstalking in Georgia
data breach
Nintendo Confirms TinyPulse Data Stolen in Shadowbyt3$ Extortion Attack
The Growing and Real Threat of Ransomware: Trends, Tactics, and Staying Ahead
Klue Supply Chain Breach: Icarus Steals Salesforce Data From Huntress
Proton VPN Passes its Independent No-Logs Audit for 5th Consecutive Year
Bulgaria Let Circles Export Surveillance Tech to Repressive Regimes, Human Rights Watch Says
New York Man Charged With AI-Image Cyberstalking in Georgia
Nintendo Confirms TinyPulse Data Stolen in Shadowbyt3$ Extortion Attack

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: