ZenBusiness, a US-based company that provides online business formation and compliance services, has been named by the hacking group ShinyHunters in a claim of a large-scale data breach, according to security reporting.
The group stated that it had obtained “several terabytes” of data from the company and threatened to release the information unless a ransom demand was met. The claim was posted on a dark web leak site, where the group issued a deadline of March 25, 2026, for the company to respond.
According to the attackers, the alleged data was exfiltrated through multiple platforms, including Snowflake, Mixpanel, and Salesforce. These systems are commonly used by companies to manage customer data, analytics, and internal operations.
ZenBusiness offers services such as company registration, compliance management, and tools for small business owners. The company has received backing from entrepreneur Mark Cuban, who serves as a strategic advisor and investor in the firm.
Security researchers stated that if the claims are accurate, the dataset could include internal company information as well as customer or employee data. This may involve personally identifiable information and details about businesses created using the platform, according to the report.
At the time of reporting, ZenBusiness had not publicly confirmed the breach or responded to the claims made by the attackers.
Links to wider ShinyHunters activity
The incident follows recent activity attributed to ShinyHunters, a cybercrime group known for data theft and extortion campaigns. The group typically follows a “pay or leak” model, in which stolen data is used to pressure organisations into paying ransom demands.
Researchers noted that the ZenBusiness claim may be connected to earlier campaigns targeting customers of Salesforce and other cloud-based platforms. In those cases, attackers sought to access large volumes of data through third-party services and then use it for extortion.
The scope and authenticity of the alleged ZenBusiness breach remain unverified, and no independent confirmation of the data exposure has been reported.