A data breach affecting Alert360, a US-based home and business security systems provider, has been claimed by the cybercrime group ShinyHunters, which says it released stolen data after negotiations with the company failed.
According to statements published by the group on its leak site, more than 2.5 million records were compromised and later made publicly available. The attackers stated that the data was released after discussions over a ransom payment did not result in an agreement.
The dataset is described by the threat actors as containing personally identifiable information along with internal corporate data. The exact composition of the records has not been independently verified, and no detailed breakdown of the exposed fields has been publicly confirmed.
Alert360 is identified as one of the larger providers of monitored security systems in the United States, offering services for residential and commercial customers. Companies in this sector typically manage customer contact information, account details, and system-related data, although the specific categories affected in this case have not been formally disclosed.
The breach was first disclosed through the group’s dark web leak site, where Alert360 was listed alongside a message indicating that the data had already been published. The entry referenced a breakdown in communication between the attackers and the company prior to the release.
Independent listings of the incident on breach tracking platforms repeat the claim that over 2.5 million records were taken, again describing the data as including both personal and corporate information. These listings also reference the group’s standard “pay or leak” approach, in which organisations are given a deadline to respond before data is published.
The company has not issued a public statement confirming the breach at the time of reporting. As a result, the scope of the incident, the timeline of unauthorised access, and the number of affected individuals have not been independently verified.
The incident forms part of a series of breaches attributed to ShinyHunters in 2026, which have involved targeting organisations through cloud-based systems and third-party services. Publicly available records show that multiple companies across different sectors have been listed on the group’s leak site using similar methods and timelines.
No further technical details about how access was obtained in the Alert360 case have been disclosed. Investigations into the incident and verification of the exposed data remain ongoing.