High

Fluke Breach: 821K Customer Records Exposed (2026)

In July 2026, electronic test and measurement equipment company Fluke was targeted in a ShinyHunters "pay or leak" extortion campaign . The group subsequently published more than 100GB of data allegedly taken from the company. The corpus contained largely corporate contact information, including ove...

Overview

In July 2026, the ShinyHunters hacking group launched a “pay or leak” extortion campaign against Fluke, the electronic test and measurement equipment manufacturer. The group published over 100GB of data allegedly stolen from the company, including more than 821,000 unique records containing customer contact information. The leaked dataset was reported to Have I Been Pwned (HIBP), where affected individuals can verify their exposure. This breach is notable not only for its scale - Fluke operates in the industrial and scientific equipment space - but also for the sensitive nature of the detailed contact information and support case histories now circulating on the dark web.

What Was Exposed

The exposed dataset contains four key data types:

  • Email Addresses - 821,100 unique addresses, enabling credential-stuffing and phishing attacks.
  • Names - Full names linked to email addresses, making personalized phishing more convincing.
  • Phone Numbers - Direct contact numbers for voice or SMS-based social engineering.
  • Physical Addresses - Home or business addresses, which can be used for doxxing, fraud, or physical targeting.

Additionally, the leaked data includes a large collection of support cases, which may contain sensitive conversations about equipment configurations, operational details, or personal troubleshooting history. This adds a layer of risk beyond basic contact info.

How the Breach Happened

ShinyHunters is a well-known extortion group that typically gains initial access through stolen credentials, phishing, or exploiting unpatched vulnerabilities. While Fluke has not disclosed the exact attack vector, the group’s modus operandi involves exfiltrating large datasets and then threatening to publish them unless a ransom is paid. The 100GB data dump suggests Fluke’s systems were thoroughly compromised, with attackers extracting not just customer records but potentially internal business data as well. Companies in the industrial technology sector are increasingly targeted for such extortion, as their customer bases often include critical infrastructure operators and government agencies.

Account Takeover Risks

With email addresses and names exposed, affected users face elevated risks of credential-based attacks. Attackers may attempt to:

  • Use email addresses in credential-stuffing attacks against other services (banking, email, social media).
  • Send highly convincing phishing emails referencing Fluke support case details.
  • Exploit any shared passwords between Fluke accounts and other platforms.

If you used the same password for your Fluke account on any other service, that account is now at risk of takeover.

Identity Theft Risks

While this breach does not include Social Security numbers or financial information, the combination of name, address, and phone number is valuable for identity theft. Fraudsters can use this data to:

  • Open utility accounts or apply for credit cards in your name.
  • Initiate SIM-swapping attacks by providing your personal details to mobile carriers.
  • File fraudulent tax returns or unemployment claims.

Physical addresses also raise the risk of targeted phishing via postal mail - look out for fake Fluke warranty or product recall notices.

How to Check If You’re Affected

Visit haveibeenpwned.com and search for your email address. If Fluke appears in your results, assume your contact data has been exposed. You can also check the specific breach page at HIBP Fluke Breach for more details.

Recommendations

If you’re affected, take these steps immediately:

  1. Change your Fluke password - if you still have an active account, use a unique, strong password.
  2. Enable multi-factor authentication (MFA) on your Fluke account and any other accounts that share the same email.
  3. Monitor for phishing - be wary of emails claiming to be from Fluke, especially those referencing support case numbers or offering “security updates.”
  4. Freeze your credit - while SSNs weren’t exposed, the combination of name, address, and phone number can enable fraud. Place a fraud alert or credit freeze with the three major bureaus (Equifax, Experian, TransUnion).
  5. Watch for SIM-swap attempts - if your phone service suddenly drops, contact your carrier immediately.

Security Insight

This breach underscores why industrial equipment manufacturers must treat customer support data as highly sensitive - support case histories often contain operational details that could aid attackers in social engineering against critical infrastructure clients. Fluke’s decision to store and later expose over 800k customer records without apparent encryption at rest suggests a gap in their data security posture, especially concerning for a company whose products are used in utilities, manufacturing, and government sectors. The ShinyHunters playbook of extorting industrial companies without ransomware deployment is becoming increasingly common, as seen in recent breaches targeting cybersecurity news and manufacturing firms globally.

Further Reading

Investigate Breaches Safely with NordVPN

Researching exposed data, paste sites, or threat actor infrastructure? Route your OSINT traffic through a VPN to avoid attribution and keep your investigation IP separate from your corporate network.

Get NordVPN for Research

Affiliate link — we may earn a commission at no extra cost to you.

Share:

Never miss a data breach report

Get real-time security alerts delivered to your preferred platform.

Related Breach Reports

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.