shinyhunters
Known ransomware group ACTIVE Active · high-tempo
ShinyHunters is a data-theft and extortion collective active since 2020, best known for breaching and selling large customer databases from major tech and retail companies on cybercrime forums. It has been tied to a string of high-profile cloud and SaaS breaches.
17
Total Claims
5
Critical
—
Records Claimed
8
Industries Hit
Active span: Apr 11, 2026 – Jun 9, 2026 · 17 organizations targeted
Active · high-tempo
Actor Threat Profile
Activity Timeline
Peak: May 2026 (9)Apr 2026
LessMore
Jun 2026Share this profile
Top Targeted Industries
Education 6
Healthcare 3
Financial Services 2
Business Services 2
Telecommunication 1
Technology 1
Tradecraft & Infrastructure
0
Documented tools
6 / 7
MITRE tactics / techniques
4
Known leak sites
Targeted Organizations
nottingham.ac.ukDentaQuest, LLC.DentaQuest, LLCDentaQuest.comCharter Communications, Inc.Houghton Mifflin Harcourt CompanyAdelante Soluciones Financieras (Addi.com)Entire list of affected schools by Instructure breachInstructure Holdings, Inc. (Canva LMS, instructure.com)Cushman & Wakefield Inc.TOWERPOINT WEALTH, LLCFollett Software LLCVimeo, Inc.ADT, Inc. (adt.com)Udemy, Inc. (udemy.com)National Railroad Passenger Corporation (amtrak.com)Mytheresa
Claims by shinyhunters
Low
40 GB leaked Ransomware Claim: nottingham.ac.uk
nottingham.ac.uk
shinyhunters
Ransomware Education
Jun 10, 2026 Critical
234 GB leaked Ransomware Claim: DentaQuest, LLC.
DentaQuest, LLC.
shinyhunters
Ransomware Healthcare
May 30, 2026 Critical
Ransomware Claim: DentaQuest, LLC
DentaQuest, LLC
shinyhunters
Ransomware Healthcare
May 28, 2026 Critical
Ransomware Claim: DentaQuest.com
DentaQuest.com
shinyhunters
Ransomware Healthcare
May 23, 2026 Low
Ransomware Claim: Charter Communications, Inc.
Charter Communications, Inc.
shinyhunters
Ransomware Telecommunication
May 23, 2026 Low
Ransomware Claim: Houghton Mifflin Harcourt Company
Houghton Mifflin Harcourt Company
shinyhunters
Ransomware Education
May 10, 2026 Critical
518 GB leaked Ransomware Claim: Adelante Soluciones Financieras (Addi.com)
Adelante Soluciones Financieras (Addi.com)
shinyhunters
Ransomware Financial Services
May 5, 2026 Low
Ransomware Claim: Entire list of affected schools by Instructure breach
Entire list of affected schools by Instructure breach
shinyhunters
Ransomware Education
May 5, 2026 High
3.6 TB leaked Ransomware Claim: Instructure Holdings, Inc. (Canva LMS, instructure.com)
Instructure Holdings, Inc. (Canva LMS, instructure.com)
shinyhunters
Ransomware Education
May 4, 2026 Low
Ransomware Claim: Cushman & Wakefield Inc.
Cushman & Wakefield Inc.
shinyhunters
Ransomware Business Services
May 3, 2026 Critical
Ransomware Claim: TOWERPOINT WEALTH, LLC
TOWERPOINT WEALTH, LLC
shinyhunters
Ransomware Financial Services
May 1, 2026 Low
Ransomware Claim: Follett Software LLC
Follett Software LLC
shinyhunters
Ransomware Education
May 1, 2026 Medium
Ransomware Claim: Vimeo, Inc.
Vimeo, Inc.
shinyhunters
Ransomware Technology
Apr 28, 2026 Medium
Ransomware Claim: ADT, Inc. (adt.com)
ADT, Inc. (adt.com)
shinyhunters
Ransomware Business Services
Apr 24, 2026 Medium
Ransomware Claim: Udemy, Inc. (udemy.com)
Udemy, Inc. (udemy.com)
shinyhunters
Ransomware Education
Apr 24, 2026 Medium
Ransomware Claim: National Railroad Passenger Corporation (amtrak.com)
National Railroad Passenger Corporation (amtrak.com)
shinyhunters
Ransomware Transportation/Logistics
Apr 12, 2026 Medium
Ransomware Claim: Mytheresa
Mytheresa
shinyhunters
Ransomware Consumer Services
Apr 12, 2026