ShinyHunters claim JCPenney retail data theft involving SSNs and payroll files

Published: 12 June 2026
JCPenney claimed by ransomware gang

ShinyHunters has targeted JCPenney, issuing the company an ultimatum: release highly sensitive identity data publicly or face further attacks.

The ShinyHunters extortion group is after the iconic American department store chain JCPenney. The name appeared on the gang’s leak site along with several other retail brands operating under Catalyst Brands and Authentic Brands Group.

The post, published on June 12th, 2026, alleges that “hundreds of thousands” of records were stolen and warns that the affected organizations have until June 15th to make contact before the data is released publicly.

ADVERTISEMENT

“This is the last warning,” the gang wrote in the post, putting pressure on its victim as usual for ransomware gangs.

The allegedly compromised data include highly sensitive personal and employment information, including:

  • Social Security numbers (SSNs)
  • Dates of birth
  • W-2 tax records
  • Payroll information
  • Physical scans of government-issued identity documents
  • Driver's licenses
  • Additional personally identifiable information (PII)

However, the threat actors have not published any data samples to back up their claims.

If the claims are legitimate, the data could be exploited by attackers. If the stolen dataset really contains what attackers are advertising, it is a treasure trove for identity theft and financial fraud schemes.

Unlike breached passwords that can be reset, identifiers issued by the government, such as Social Security numbers and driver's license details, remain valid for years.

The inclusion of W-2 records and payroll information further increases the potential risks to affected individuals, as these documents typically contain enough information to support sophisticated phishing campaigns.

Cybernews has reached out to the company for comment. We will update this article when we receive a response.

ADVERTISEMENT
jcpenney

What do we know about ShinyHunters?

ShinyHunters has been linked to numerous high-profile breaches over recent years and has built a reputation for stealing and monetizing large datasets.

The primarily English-speaking extortion group is known for many high-profile attacks. This year, the gang hit Dutch telecommunications giant Odido and the European Commission. The gang is also behind attacks on Cisco Systems, GTA creators Rockstar Games, and US investment advisory firms Mercer Advisors and Beacon Pointe Advisors.

The gang is responsible for last year’s Salesforce heist, which was claimed by a conglomerate of three gangs, dubbed Scattered LAPSUS$ Hunters. ShinyHunters is a member of this trio.

The Salesforce attacks affected more than 700 other companies, including Cloudflare, Zscaler, Palo Alto Networks, Google, Allianz Life, TransUnion, Farmers Insurance, Air France, and KLM.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked