JCPenney Breach Details
Domain: jcpenny.com
Breach Date: 12 June 2026
In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later published publicly. The exposed records indicated they primarily related to internal HR systems and impacted current and former employees. The data included 368k corporate and personal email addresses, names, dates of birth, Social Security numbers, phone numbers and home addresses.
Breached Data:
• Dates of birth
• Email addresses
• Government issued IDs
• Job titles
• Names
• Phone numbers
• Physical addresses
• Usernames
Check Email Address
Breach Date: 12 June 2026
In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later published publicly. The exposed records indicated they primarily related to internal HR systems and impacted current and former employees. The data included 368k corporate and personal email addresses, names, dates of birth, Social Security numbers, phone numbers and home addresses.
Breached Data:
• Dates of birth
• Email addresses
• Government issued IDs
• Job titles
• Names
• Phone numbers
• Physical addresses
• Usernames
Check Email Address
