top of page

Abrigo - 711,099 Accounts Breached

  • May 14
  • 2 min read

Key Findings


  • ShinyHunters group conducted "pay or leak" extortion campaigns against at least two major companies in April 2026

  • Abrigo suffered a breach exposing 711,099 records from its Salesforce instance, containing business contact information

  • Canada Life experienced a separate incident resulting in 237,810 breached records including customer personal data

  • Both breaches involved similar extortion tactics followed by public data release when demands were not met

  • Combined incidents exposed nearly one million records across financial services and fintech sectors


Background


ShinyHunters emerged as a significant threat actor in 2026, running coordinated extortion campaigns against multiple organizations. The group's modus operandi involves accessing sensitive data, typically through cloud application vulnerabilities or compromised credentials, then demanding payment with threats to publicly release the information. When targets refuse or fail to pay, ShinyHunters follows through on their threats by publishing the stolen data.


Abrigo Incident


Abrigo, a fintech software company serving financial institutions, fell victim to ShinyHunters in April 2026 when the group gained unauthorized access to their Salesforce instance. The attackers exfiltrated over 711,000 records containing business contact information including institution names, employee names, email addresses, and phone numbers. After the initial extortion demand was not met, ShinyHunters publicly released the dataset. Notably, this breach occurred separately from a previous year's Salesforce compromise at Abrigo involving the Drift application connector, though the data types compromised were consistent between both incidents.


Canada Life Incident


Canada Life, a major insurance and financial services provider, was targeted by the same ShinyHunters group in the same timeframe. The breach exposed over 237,000 unique email addresses alongside names, phone numbers, and physical addresses. Some customer support tickets were also included in the leaked data. Canada Life's official disclosure indicated that only a small proportion of their customer base was affected, though the exact scope remains unclear. Following the public release of data, Canada Life issued alerts warning customers about increased phishing risks, a common secondary threat that materializes after breached data enters the public domain.


Sources


  • https://haveibeenpwned.com/Breach/Abrigo

  • https://haveibeenpwned.com/Breach/CanadaLife

Recent Posts

See All

Comments


  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page