The ShinyHunters extortion group has published data belonging to nearly 400,000 BCD Travel customers after a ransom deadline passed, making a large collection of customer records publicly available online.
According to researchers who reviewed the leaked data, the dataset contains information linked to approximately 396,000 individuals. The exposed records reportedly include names, email addresses, phone numbers, physical addresses, employer details, job titles, and customer support communications.
The publication follows earlier claims by ShinyHunters that it had breached BCD Travel and stolen company and customer information. The group previously set a deadline for the company to respond to its demands and warned that the data would be released if no agreement was reached.
After the deadline expired, the group published the customer records online.
Before releasing the data, ShinyHunters claimed it had obtained more than 700,000 Salesforce records along with information from SharePoint systems, internal documents, contracts, operational data, and customer records. Those claims were made by the attackers and have not been independently verified.
The leaked customer information appears to represent only part of the data the group claims to possess.
BCD Travel is a corporate travel management company that provides travel booking and management services for businesses, multinational companies, and government organizations. As a result, the exposed records may include information tied to corporate travelers and business customers.
Researchers examining the published data said the leak contains a broad range of personal and business-related information. Customer support records included in the dataset could provide additional context about travelers, bookings, and interactions with the company.
The incident has also been cataloged by breach-tracking services. Have I Been Pwned added the breach to its database and reported that roughly 396,300 unique email addresses were included in the published records.
According to the breach notification service, the leaked information contains names, email addresses, phone numbers, physical addresses, employer information, job titles, and support ticket data collected from multiple datasets.
While the publication of the customer records has been confirmed, the full scope of the intrusion remains unclear. ShinyHunters continues to claim that it obtained additional internal company data beyond what has been publicly released.
At the time of reporting, the leaked dataset containing information on nearly 400,000 customers was circulating publicly online.