A cybercriminal group claims it has stolen more than 220GB of data from fashion company Ralph Lauren, alleging that the dataset includes customer information, transaction records, and details about products that have not yet been released.
The claims were posted on a dark web leak site operated by the ShinyHunters hacking group. According to the attackers, the stolen data contains customer personally identifiable information (PII), purchase and transaction data, and information related to future Ralph Lauren product releases planned for 2027 and beyond.
At the time of writing, Ralph Lauren has not publicly confirmed that a breach occurred. The company had not responded publicly to the allegations, and the attackers did not provide a data sample that would allow independent verification of their claims.
The threat actors stated that they intend to publish the allegedly stolen data on June 14 if their demands are not met. Such claims are commonly used in extortion attempts, where attackers threaten to release data in an effort to pressure organizations into negotiations.
While the latest allegations remain unverified, Ralph Lauren’s name has surfaced in previous breach-related claims during 2026. In April, a separate threat actor claimed to possess data allegedly linked to Ralph Lauren, Lacoste, Canada Goose, and Carter’s. Researchers who reviewed sample files from that incident reported seeing employee names, work email addresses, and partially redacted customer information, though the full scope of the alleged exposure was never confirmed.
The newly claimed incident is different in scale. ShinyHunters alleges it obtained more than 220GB of information and claims the dataset extends beyond customer records to include internal business information and unreleased products. Those claims remain solely the attackers’ assertions and have not been independently verified.
ShinyHunters has become one of the most active extortion-focused cybercrime groups in recent years and has repeatedly claimed responsibility for attacks targeting large organizations. In this case, however, no evidence has been publicly released to substantiate the alleged compromise of Ralph Lauren systems.
Until Ralph Lauren comments or additional evidence emerges, the existence, scope, and contents of the alleged breach remain unconfirmed. The only publicly available information is the claim posted by ShinyHunters, which alleges that more than 220GB of data was taken and could be released publicly on June 14.