ShinyHunters dump 400K BCD Travel customers' data online


Ransomware extortion group ShinyHunters published the personal information of approximately 396,000 customers of Dutch business travel agency BCD Travel on the dark web in a recent extortion campaign. This move follows the travel company’s failure to meet the attackers’ ransom deadline.

BCD Travel, headquartered in the Netherlands, is one of the largest business travel agencies in the world. It helps multinationals and government entities globally plan business trips and provides related services, including booking flights, hotels, and rental cars.

At the end of May, ShinyHunters claimed to have exfiltrated over 30GB of compressed data. Allegedly, the stolen information included over 700K Salesforce records, as well as various SharePoint sites, internal documents, customer records, and business-related data such as contracts and operational intelligence.

The attackers gave BCD Travel until June 1st to meet the ransom demand; otherwise, they would leak all the stolen information onto the dark web.

The deadline wasn’t met, and therefore, ShinyHunters published the stolen information.

According to Troy Hunt, a cybersecurity expert based in Australia, 396,313 unique email addresses have been leaked. The data also contained names, physical addresses, phone numbers, job titles, and support tickets.

Over a quarter of all leaked email addresses (28%) were already in the “Have I Been Pwned” database, Hunt says on X.

ShinyHunters is an infamous and well-known ransomware extortion group. Over the past few months, it has added many new names to its leak page, including telecom provider Odido, digital car dealer CarGurus, the European Commission, supplier of student information system Infinite Campus, and Canvas developer Instructure.

Not all victims paid the ransom to ShinyHunters. For example, Odido told the media on numerous occasions that it refused to negotiate with or pay the attackers.

Instructure, on the other hand, admitted to having paid off the hackers and claimed that all the stolen data was deleted.

