CFGI Hit by ShinyHunters Extortion Campaign, Exposing 243K Corporate Emails
In March, global consulting firm CFGI fell victim to an extortion campaign by the cybercriminal group ShinyHunters, resulting in the leak of 243,000 unique email addresses alongside names and corporate contact details. The exposed data, which included both current and former employees, was later published online, amplifying the breach’s impact.
Analysis revealed that 53% of the compromised email addresses were already indexed on LinkedIn, increasing the risk of targeted phishing or credential-stuffing attacks. The incident highlights the growing threat of extortion-based breaches, where attackers not only steal data but also publicly release it to pressure victims into paying ransoms.
The breach underscores the persistent vulnerabilities in corporate data protection, particularly as threat actors like ShinyHunters continue to exploit weak security measures to extract and monetize sensitive information. No further details on the attack vector or CFGI’s response have been disclosed.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7473215791442587648
CFGI cybersecurity rating report: https://www.rankiteo.com/company/thecorporatefinancegroup
"id": "THE1781756626",
"linkid": "thecorporatefinancegroup",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '243,000 unique email addresses '
'(current and former employees)',
'industry': 'Consulting',
'location': 'Global',
'name': 'CFGI',
'type': 'Consulting Firm'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '243,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Personally identifiable information '
'(PII)',
'type_of_data_compromised': 'Email addresses, names, '
'corporate contact details'},
'date_detected': '2024-03',
'description': 'In March, global consulting firm CFGI fell victim to an '
'extortion campaign by the cybercriminal group ShinyHunters, '
'resulting in the leak of 243,000 unique email addresses '
'alongside names and corporate contact details. The exposed '
'data, which included both current and former employees, was '
'later published online, amplifying the breach’s impact. '
'Analysis revealed that 53% of the compromised email addresses '
'were already indexed on LinkedIn, increasing the risk of '
'targeted phishing or credential-stuffing attacks. The '
'incident highlights the growing threat of extortion-based '
'breaches, where attackers not only steal data but also '
'publicly release it to pressure victims into paying ransoms.',
'impact': {'brand_reputation_impact': 'Amplified due to public data leak',
'data_compromised': '243,000 unique email addresses, names, and '
'corporate contact details',
'identity_theft_risk': 'Increased risk of targeted phishing or '
'credential-stuffing attacks'},
'lessons_learned': 'The incident highlights the growing threat of '
'extortion-based breaches and persistent vulnerabilities '
'in corporate data protection.',
'motivation': 'Extortion',
'post_incident_analysis': {'root_causes': 'Weak security measures exploited '
'by threat actors'},
'threat_actor': 'ShinyHunters',
'title': 'CFGI Hit by ShinyHunters Extortion Campaign, Exposing 243K '
'Corporate Emails',
'type': 'Extortion'}