High

Moody Bible Institute Breach: 2.3M Records Exposed (2026)

In June 2026, Moody Bible Institute was targeted by a ShinyHunters "pay or leak" extortion campaign . Over 2.3M unique email addresses and other personal data were later published publicly, including names, physical addresses, phone numbers, dates of birth and other information relating to donors, s...

Overview

In June 2026, Moody Bible Institute became the target of a ShinyHunters “pay or leak” extortion campaign. The threat actor accessed and published a database containing over 2.3 million unique email addresses and personal information tied to donors, supporters, students, and alumni. The exposed data included names, physical addresses, phone numbers, and dates of birth - a combination that significantly elevates identity theft risk for affected individuals. Moody Bible confirmed the breach in a disclosure notice, stating they had “engaged both internal and external cybersecurity experts to thoroughly investigate the matter.” The breach was reported to Have I Been Pwned, meaning affected individuals can now check if their data was included.

What Was Exposed

The exposed records contain the following personally identifiable information (PII):

  • Email Addresses: 2,303,416 unique addresses - every record includes one, making email the primary identifier.
  • Names: Full names associated with each email.
  • Physical Addresses: Street addresses, cities, states, and ZIP codes - enough for geolocation and mail fraud.
  • Phone Numbers: Direct contact numbers, increasing spam and phishing call risks.
  • Dates of Birth: Combined with names and addresses, this data is a goldmine for identity thieves.

No financial data (credit cards, bank accounts) or Social Security numbers were confirmed in this leak, which limits direct financial fraud potential. However, the breadth of PII - especially DOBs tied to physical addresses - is sufficient for opening fraudulent accounts at many financial institutions that rely on knowledge-based authentication.

Who’s Actually Affected

While Moody Bible Institute is the named victim, the breach impacts a broader community:

  • Donors and supporters - Not just current students or staff. If you’ve given money, signed up for newsletters, or attended events, your data could be in this set.
  • Alumni - Graduates with outdated contact information are still affected if the database was never cleansed.
  • Students and applicants - Current and former students, plus anyone who applied but didn’t enroll.

This is a supply-chain-esque scenario: individuals who trusted Moody Bible with their data are now exposed, regardless of their current relationship with the institute. The ShinyHunters group is known for targeting religious and educational organizations, which typically store legacy data that predates modern security controls.

How the Breach Happened

ShinyHunters is a notorious extortion group that specializes in “pay or leak” campaigns. While Moody Bible has not disclosed the specific attack vector, this group commonly exploits:

  • Unpatched vulnerabilities in web applications or content management systems.
  • Compromised credentials for administrative accounts, often obtained through prior breaches or phishing.
  • Misconfigured cloud databases - a recurring pattern in ShinyHunters attacks against nonprofit and educational institutions.

The group demands a ransom in exchange for not publishing the data. When Moody Bible refused to pay (as most organizations advisedly do), ShinyHunters released the full dataset on public forums, ensuring maximum exposure.

What to Do Right Now

Affected individuals should take these steps immediately:

  1. Check if you’re affected - Visit haveibeenpwned.com and search for your email address. If it appears in this breach, you are in the dataset.

  2. Freeze your credit - At minimum, contact the three major credit bureaus (Experian, Equifax, TransUnion) and place a security freeze. This prevents criminals from opening accounts in your name even if they have your DOB and address.

  3. Enable two-factor authentication (2FA) on every account that supports it, especially email, banking, and social media. With your email and personal details public, attackers can attempt password resets or phishing attacks.

  4. Watch for targeted phishing - Scammers now have your name, address, phone number, and email. Expect personalized voice calls, texts, and emails pretending to be Moody Bible, your bank, or a charity. Never click links in unsolicited messages.

  5. Report identity theft - If you see unauthorized accounts or credit checks, file a report with the Federal Trade Commission at identitytheft.gov.

Security Insight

This breach reveals a dangerous gap in how many religious and educational institutions manage donor and alumni data. Unlike customer-facing companies that prioritize cybersecurity, nonprofits often store decades of legacy PII with minimal segmentation or encryption. Moody Bible’s quick engagement of experts is commendable, but the fact that 2.3 million records - including sensitive DOBs and addresses - were accessible to a single extortion group highlights a systemic failure to apply basic data minimization and access control principles. For donors, this is a stark reminder: if an organization asks for your personal data, ask how it’s protected - because once it leaks, they can’t unring the bell. This incident mirrors similar attacks on educational institutions and religious nonprofits that have been targeted by ShinyHunters in recent years.

Further Reading

Investigate Breaches Safely with NordVPN

Researching exposed data, paste sites, or threat actor infrastructure? Route your OSINT traffic through a VPN to avoid attribution and keep your investigation IP separate from your corporate network.

Get NordVPN for Research

Affiliate link — we may earn a commission at no extra cost to you.

Share:

Never miss a data breach report

Get real-time security alerts delivered to your preferred platform.

Related Breach Reports

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.