High

Hallmark Breach: 1.7M Emails & Addresses Exposed (2026)

In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service,...

Overview

In March 2026, Hallmark confirmed a data breach affecting 1,736,520 customer accounts after attackers gained access to data stored within the company’s Salesforce environment. The threat actors demanded an extortion payment, and when the deadline passed, they published the stolen data online. The breach impacted both Hallmark’s main customer database and accounts tied to the Hallmark+ streaming service. This incident was reported to Have I Been Pwned, allowing affected users to verify their exposure.

What Was Exposed

The exposed data set includes personally identifiable information (PII) that poses significant privacy and security risks:

  • Email addresses (primary contact and account identification)
  • Full names (first and last)
  • Phone numbers (direct contact channel)
  • Physical addresses (street, city, state, ZIP)

Notably, the breach did NOT include financial data like credit card numbers, Social Security numbers, or passwords. This limits some of the highest-impact risks but leaves victims vulnerable to targeted phishing, social engineering, and physical mail scams.

Account Takeover Risks

Without passwords or financial data in the exposed set, direct account takeover is unlikely unless a customer's Hallmark account reuses credentials exposed in other breaches. However, the combination of email addresses, phone numbers, and physical addresses creates powerful vectors for:

  • Personalized phishing emails that reference your Hallmark purchases or streaming history
  • Phone-based social engineering (vishing) using your name and address for credibility
  • Physical mail scams that appear legitimate because they know your postal address
  • SIM-swapping attacks if the threat actor pairs your phone number with other leaked data

What to Do Right Now

Immediate actions for affected Hallmark customers:

  1. Check if you’re affected by visiting Have I Been Pwned and searching your email address
  2. Do NOT reuse passwords across different services - if your Hallmark password matches another account, change both immediately
  3. Enable two-factor authentication (2FA) on any account where it’s available, especially email and banking
  4. Watch for phishing emails claiming to be from Hallmark or related brands - do not click links or download attachments
  5. Be skeptical of unsolicited phone calls asking you to verify account details, even if they know your name and address

Within six months, consider freezing your credit with all three major bureaus (Equifax, Experian, TransUnion) if you have not already done so.

How to Check If You’re Affected

The breach data is searchable through Have I Been Pwned. Enter the email address you used for Hallmark or Hallmark+. If your account appears in the breach, you will see the date of exposure and the types of data compromised. Hallmark has not yet published a direct lookup tool on their website, so HIBP remains the most reliable verification method for consumers.

Security Insight

This breach exposes a critical weakness in how companies secure third-party platform integrations. Salesforce is a widely used customer relationship management tool, but misconfigured access controls or API exposures can turn it into a single point of failure. Compared to other recent retail breaches, Hallmark’s relatively quick disclosure and avoidance of payment data exposure are positive steps, but the sheer volume of PII published after extortion demonstrates that companies handling sensitive customer data must implement stronger encryption at rest and access monitoring.

The extortion element also highlights a growing trend: attackers who cannot monetize data through direct fraud will pivot to extortion, making data classification and breach response preparation essential for all organizations.
