Track newly reported US data breaches from official sources, with exposed data, affected counts, and plain-English next steps when attorney review may apply.
TechCrunch reported that hackers stole student data during a breach at education technology company Instructure, which is widely known for its Canvas platform.
Every breach links back to the official report — SEC filings, state attorneys general, news, and security researchers.
We explain what was exposed and what it means for you. No legalese, no jargon.
If attorneys are investigating, you may have a potential claim for attorney review. Registration expresses interest only; it is not class membership or representation.
Canada Life suffered a data breach in April 2026 when the ShinyHunters group stole and published data on over 237,000 customers, including names, email addresses, phone numbers, physical addresses, and support tickets.
In May 2026, real estate services firm Cushman & Wakefield had data on approximately 310,000 accounts exposed after the ShinyHunters group carried out an extortion campaign and published stolen corporate contact records.
In April 2026, Zara was targeted by the ShinyHunters extortion group, exposing approximately 197,000 unique email addresses along with purchase and support ticket data linked to a compromise of the Anodot analytics platform.
Woflow, an AI-driven merchant data platform, had data on approximately 447,593 accounts exposed after the ShinyHunters extortion group published files allegedly stolen from the company in March 2026.
LegionProxy, a commercial residential and ISP proxy network, suffered a data breach in April 2026 that exposed approximately 10,000 accounts including email addresses, names, bcrypt password hashes, and purchase records.
In April 2026, the ShinyHunters extortion group published data from a third-party analytics vendor breach affecting approximately 119,000 Vimeo user email addresses and names.
Reborn Gaming, an online gaming community, suffered a data breach in April 2026 that exposed 126 accounts' email addresses, IP addresses, and Steam IDs due to a vulnerability in cPanel and WHM.
Marcus & Millichap, a commercial real estate brokerage, had data on approximately 1.8 million individuals exposed after being named as an alleged victim of the ShinyHunters hacking group in April 2026.
ZenBusiness, a business formation platform, had data on approximately 5.1 million accounts exposed after the hacker group ShinyHunters claimed to have exfiltrated records from multiple platforms and publicly released the data following an unpaid ransom demand.
Aman, an ultra-luxury hotel brand, suffered a data breach in April 2026 when ShinyHunters obtained customer records from their Salesforce CRM and later leaked them publicly.
Udemy suffered a data breach affecting 1.4 million accounts, with customer and instructor information including email addresses, names, addresses, phone numbers, and payment methods exposed.
SUCCESS, a personal development media brand, suffered a data breach in March 2026 exposing approximately 253,510 accounts with names, email addresses, phone numbers, and other personal information.