ShinyHunters dumps Mytheresa, Zara, Carnival, 7-Eleven data in fresh leak wave

Published: 23 April 2026
Last updated: 23 April 2026
Shiny Hunters victims
Images by Getty Images | Shutterstock

ShinyHunters appeared to go on a ransomware tear Wednesday, dumping records tied to every victim listed on its leak site, including new addition Mytheresa and high-profile brands Zara, Carnival, and 7-Eleven.

Key takeaways:
  • ShinyHunters didn’t stop at threats — it appears to have emptied its entire victim board in one sweep.
  • Luxury retailer Mytheresa is now in the mix, joining a leak wave that already touched Zara, Carnival, and 7-Eleven.
  • With 40 victims now exposed, the gang is signaling it will keep stolen data online "indefinitely."
Key Takeaways by nexos.ai, reviewed by Cybernews staff.

The extortion group made good on its promise to publish reams of data it claims to have stolen from the four victims – roughly 38 million records in total, as well as “terabytes” of internal corporate data.

ADVERTISEMENT

Pilfered data from two other well-known companies targeted by the group last week were also published along with a download link, including Pitney Bowes and The Canada Life Assurance Company.

ShinyHunters victims
Screenshot of ShinyHunters leak site taken on April 22, 2026. Image by Cybernews

Greeting card giant Hallmark was also stamped with a bright orange badge that reads “New,” although the group is alleged to have released the company’s 8 million records in mid-April.

In total, the data from 40 victims appearing on the ShinyHunters site has now been leaked, with the earliest victim listed on January 23rd, 2026.

Luxury brand Mytheresa joins the mix

The gang’s most recently listed victim – the high-end online retailer Mytheresa was reportedly breached by the ransomware operators on April 12th, yet only showed up on the leak site on Wednesday.

Mytheresa
Data from luxury online retailer Mytheresa was dumped by ShinyHunters. Jan Woitas/picture alliance via Getty Images

The German-based luxury e-commerce boutique offers over 200 high-end designer brands on its digital platform, including Bottega Veneta, Dolce&Gabbana, Gucci, Moncler, Prada, and Saint Laurent.

ADVERTISEMENT

ShinyHunters had originally given Mytheresa a final warning to reach out to negotiate its ransom demand by April 14th, threatening to “leak along with several annoying (digital) problems that’ll come your way.”

The compromised data was said to include “sensitive customer PII and transactional history,” the group said, urging Mytheresa to “Make the right decision,” warning that the group would leak the data unless they paid up.

ShinyHunters Mytheresa
Mytheresa was allegedly breached on April 12, 2026. ShinyHunters leak site. Image by Cybernews

Zara, Carnival, 7-Eleven now among leaked victims

Meanwhile, Zara, Carnival, and 7-Eleven had been handed their own April 21st leak deadline by the ransomware group.

Zara and 7-Eleven were both linked to larger known ShinyHunters campaigns, with Zara linked to the Anodot-Snowflake wave and 7-Eleven pulled into the group’s Salesforce-focused access campaign. Carnival appears to have been a separate, unrelated attack.

CRM, Customer relationship management software
Millions of Salesforce records were posted by the ransomware gang after victims allegedly refused to negotiate. Image by Anton garin | Shutterstock

Interestingly, Medtronic, a medical technology manufacturer headquartered in Connecticut, which the gang claimed alongside the others on Friday, no longer appears on the ShinyHunters blog – possibly due to ongoing ransom negotiations or even having paid the extortion fee.

The group claimed to have compromised 9 million Medtronic records of personally identifiable information (PII) and internal corporate data.

Also notably absent from the leak site are fellow Salesforce victims Aman Resorts, a Swiss-owned ultra-luxury hospitality brand with 500k records listed, and the North American commercial real estate brokerage firm Marcus & Millichap, with 30M records.

ADVERTISEMENT
ShinyHunters claims nine victims - Zara, Carnival, 7-Eleven
Screenshot of ShinyHunters leak site taken on April 18, 2026. Image by Cybernews

Additionally missing from the blog – at least before any exfiltrated data was subsequently dropped on the site – were proof samples from any of the 40 victim coffers.

As for how long the victims' data will be listed on the site? ShinyHunters claims “indefinitely.”

“We will make sure every corner of the criminal undergroud world has your data and is abusing it,” the group boasts on its information page.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Active since 2020, ShinyHunters is a well-known cybercrime and extortion group, previously linked to multiple high-profile data theft campaigns, including the recent Okta vishing campaign targeting single sign-on (SSO) credentials.

Recent victims include such big names as Amtrak, Alert 360, Rockstar Games, Hims & Hers, European Commission, and Ameriprise Financial.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
By participating in this viral trend, you help train AI where it struggles the most
Windows hibernation may contribute to SSD wear as storage costs rise
UFO skeptic Michael Shermer apologizes to David Grusch
Man tries to make a sale on Facebook Marketplace, gets scammed out of $300 via Zelle
Critical FFmpeg flaw discovered: just watching a video can fully compromise your system
The world's top intelligence alliance: AI could supercharge cyberattacks within months
ADVERTISEMENT