The American insurance holding company Kemper Corporation was explicitly named by the ShinyHunters ransomware group in a severe "pay or leak" extortion campaign in April 2026. The breach notification service Have I Been Pwned (HIBP) added 269.300 unique email addresses to its database on May 28, 2026. Following the initial extortion demands, ShinyHunters said it holds at least 29GB of exfiltrated data and over 13 million Kemper records from the company’sSalesforceaccount. The threat actors claimed this massive dump included internal directory data, comprehensive Salesforce records, and sensitive Stripe payment logs. The compromised data categoriesidentified inthis breach include: The threat actors allegedly bypassed access controls to compromise Kemper's Salesforce environment throughsocial engineeringtactics as part of a broader campaign targeting hundreds of organizations with the same access vector. In response to thedata breach, Kemper Corporationofficially confirmedthe cybersecurity incident. To mitigate the ongoing threat and secure their network perimeter, the organization engaged third-party cybersecurity experts and notified appropriate law enforcement agencies. Last month, the threat actor said it used the Trivy supply chain compromiseto infiltrate Cisco, asserting it gained access to over 3 million Salesforce records containing personally identifiable information (PII), GitHub repositories, AWS buckets, and other private corporate data. In March, ShinyHunters claimed to have compromised data fromSnowflake, Okta, Sony, AMD, Lastpass, and Salesforcevia a massive Salesforce intrusion. In November 2025, ShinyHunters said it stole Salesforce data byinfiltrating third-party Gainsightand announced “almost 1,000” victims. Around the same time, the hacking collectiveScattered LAPSUS$ Hunters emergedas the new Extortion-as-a-Service cybercriminal alliance. Among other recent ShinyHunters breaches leveraging the Salesforce incident are theAmeriprise Financial data breachexposing over 502,000 accounts nd theHallmark data breachexposing 1.7 million customers. In other news,Carnival Corp recently announcedthat its April data breach was due to social engineering, following ShinyHunters' claim that it had stolen 8.7 million records from the global cruise operator. Get expert insights on threats, breaches, scams, and security trends — delivered every Monday. Get expert insights on threats, breaches, scams, and security trends — delivered every Monday. Get expert insights on threats, breaches, scams, and security trends — delivered every Monday. Please enter a valid email address. TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world. © 2026 TechNadu. All Rights Reserved. TechNadu is a part ofLeaprove Media LLP. This website uses cookies to ensure you get the best experience on our website.