ShinyHunters Threatens ZenBusiness with Data Leak Deadline
The notorious ransomware group ShinyHunters has issued a "final warning" to ZenBusiness, a U.S.-based platform supporting small businesses with LLC formation, compliance, and back-office tools. The group threatened to leak terabytes of stolen data and create "several annoying (digital) problems" if a ransom is not paid by March 25.
Security researchers believe ShinyHunters gained access through vishing (voice phishing), impersonating IT staff to trick employees into granting remote access. Once inside, the group likely compromised platforms like Salesforce or Snowflake to exfiltrate sensitive data, potentially including customer PII, employee records, and internal operations details, which could undermine ZenBusiness’s competitive edge.
ZenBusiness, which serves freelancers, startups, and small businesses and has an estimated $75 million in annual revenue, is the latest in a string of ShinyHunters targets. Recent victims include Infinite Campus (11 million affected), Telus Digital, Wynn Resorts, and Crunchyroll, highlighting the group’s aggressive and persistent campaign. The breach remains unconfirmed by ZenBusiness, but researchers warn of potential exposure risks.
ZenBusiness cybersecurity rating report: https://www.rankiteo.com/company/zenbusiness-pbc
"id": "ZEN1774628650",
"linkid": "zenbusiness-pbc",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Small Business Services, LLC Formation, '
                                    'Compliance',
                        'location': 'U.S.',
                        'name': 'ZenBusiness',
                        'type': 'Business Platform'}],
 'attack_vector': 'Vishing (Voice Phishing)',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Customer PII',
                                              'Employee records',
                                              'Internal operations details']},
 'description': 'The notorious ransomware group ShinyHunters has issued a '
                "'final warning' to ZenBusiness, a U.S.-based platform "
                'supporting small businesses with LLC formation, compliance, '
                'and back-office tools. The group threatened to leak terabytes '
                "of stolen data and create 'several annoying (digital) "
                "problems' if a ransom is not paid by March 25.",
 'impact': {'brand_reputation_impact': 'Potential reputational damage',
            'data_compromised': 'Terabytes of stolen data',
            'identity_theft_risk': 'High'},
 'initial_access_broker': {'entry_point': 'Vishing (Voice Phishing)',
                           'high_value_targets': ['Salesforce', 'Snowflake']},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain, data extortion',
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'source': 'Security researchers'}],
 'threat_actor': 'ShinyHunters',
 'title': 'ShinyHunters Threatens ZenBusiness with Data Leak Deadline',
 'type': 'Ransomware'}