Ralph Lauren Hit by ShinyHunters Extortion Campaign, 140K Records Leaked
Ralph Lauren has fallen victim to a "pay or leak" extortion attack by the cybercriminal group ShinyHunters, which this week published a trove of stolen personal data. The leaked dataset includes 140,000 email addresses, names, phone numbers, and other sensitive information, approximately 85% of which was already publicly available on LinkedIn.
The breach highlights the growing trend of double-extortion tactics, where threat actors not only encrypt data but also threaten to release it unless a ransom is paid. While the full scope of the incident remains unclear, the exposure of such a large volume of personal data raises concerns about potential phishing, identity theft, and further targeted attacks.
The incident underscores the risks posed by third-party data aggregation, as much of the leaked information appears to have been sourced from publicly accessible platforms. No details on ransom demands or Ralph Lauren’s response have been disclosed at this time.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7473508564355964928
Ralph Lauren cybersecurity rating report: https://www.rankiteo.com/company/ralph-lauren
{
  "id": "RAL1781828694",
  "linkid": "ralph-lauren",
  "type": "Breach",
  "date": "6/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '140,000',
'industry': 'Retail/Fashion',
'name': 'Ralph Lauren',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '140,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Email addresses',
'Names',
'Phone numbers',
'Other sensitive information']},
'description': "Ralph Lauren has fallen victim to a 'pay or leak' extortion "
'attack by the cybercriminal group ShinyHunters, which '
'published a trove of stolen personal data. The leaked dataset '
'includes 140,000 email addresses, names, phone numbers, and '
'other sensitive information, approximately 85% of which was '
'already publicly available on LinkedIn. The breach highlights '
'the growing trend of double-extortion tactics, where threat '
'actors threaten to release data unless a ransom is paid.',
'impact': {'brand_reputation_impact': 'Potential reputational damage',
'data_compromised': '140,000 records',
'identity_theft_risk': 'High'},
'lessons_learned': 'The incident underscores the risks posed by third-party '
'data aggregation and the growing trend of '
'double-extortion tactics.',
'motivation': 'Financial gain',
'post_incident_analysis': {'root_causes': 'Third-party data aggregation and '
'publicly accessible data'},
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Cyber Incident Description'}],
'threat_actor': 'ShinyHunters',
'title': 'Ralph Lauren Hit by ShinyHunters Extortion Campaign, 140K Records '
'Leaked',
'type': 'Extortion'}