ShinyHunters exposes data on Mytheresa, Zara, Carnival, 7-Eleven – over 40 organizations tied up in new data trove which will stay up 'indefinitely'

In a newly released report, Cybernews says that the group leaked data from Mytheresa, Zara, Carnival, 7-Eleven, Pitney Bowes, The Canada Life Assurance Company, and Hallmark. These are all major organizations with millions of customers. Medtronic, Aman Resorts, and Marcus & Millichap were also mentioned as having their data published, among others.

When it comes to the types of data allegedly leaked, Cybernews mentions personally identifiable information (PII), customer data, transactional history, internal corporate data, and large-scale datasets including millions of records and terabytes of information.

Leaving the data "indefinitely"

For Medtronic specifically, nine million records of PII were mentioned, as well as internal corporate data.

“The extortion group made good on its promise to publish reams of data it claims to have stolen from the four victims – roughly 38 million records in total, as well as “terabytes” of internal corporate data,” Cybernews reported.

The earliest listing was January 23, 2026, the publication further stated, while the newest one was earlier this week.

It also said that Medtronic has been removed from the leak site in the meantime, suggesting that the company either paid the ransom, or is currently negotiating the release of the files.

For the others, ShinyHunters promises the data will remain on the site “indefinitely”:

“We will make sure every corner of the criminal underground world has your data and is abusing it,” the group allegedly said.

ShinyHunters is currently one of the most active ransomware operators out there. The group completely abandoned the encryption part of the attack and focuses solely on data exfiltration. Apparently, it is cheaper and easier to maintain, while being equally lucrative.

The group recently released files stolen from Rockstar Games, as well.

Via Cybernews