Back to overview
Confidence MediumApr 24, 2026udemy.com

Udemy Data Breach: ShinyHunters Claims 1.4 Million Records Compromised

PatternExternal actor · Error · Confidentiality impact

On April 24, 2026, the ShinyHunters hacking group claimed responsibility for a data breach at Udemy, the online learning platform. The group alleged the theft of over 1.4 million user and corporate records, including personally identifiable information. ShinyHunters issued an ultimatum, threatening to leak the data if a ransom was not paid by April 27, 2026.

Signal date
Apr 24, 2026
Updated
Jun 26, 2026
Confidence
Medium
Sources
2 sources
udemy.com logo

Udemy

Domain
udemy.com
Sector
Information
Signals
1 linked

Signal context

First seen: Apr 24, 2026

Last updated: Jun 26, 2026

Status: Public signal

Key points

  • ShinyHunters group claimed data theft from Udemy on April 24, 2026.
  • Over 1.4 million user and corporate records allegedly compromised.
  • Exposed data includes personally identifiable information, names, physical addresses, phone numbers, employer details, and instructor payout methods.

Signal analysis

Beta

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Udemy logo
Udemy

Sector: Information

Likely country: Location not provided

Estimated
Threat source
Error activity

Watch process controls, misconfiguration and accidental disclosure paths.

  • Source type: outside the affected organization
Business impact
Potential data exposure

Impact area: Confidentiality

Likely asset: User or customer data

Trend context
15 signals with similar action pattern
  • 23 signals in the same sector
  • 88 signals with the same likely impact area
  • 1 signal linked to this organization/domain
Mentioned entities
UdemyData DisclosureShinyHunters ClaimsShinyHuntersUdemyOverExposed

External sources

Related signals

Grouped by why the signal is relevant.

keewah.com logoKeewahJun 22, 2026
Same sectorSame action patternSame impact area

Kee Wah Bakery Hit by Ransomware Attack, Data Leak Fears Emerge

Hong Kong's famous Kee Wah Bakery revealed on June 22, 2026, that it was hit by a ransomware attack on its internal network. The incident, which caused network malfunctions last Friday (June 19), targeted systems containing employees' personal data, as well as information related to business partners, online store customers, and mobile app members. While the company could not confirm if data was extracted, it has engaged cybersecurity experts, notified the Office of the Privacy Commissioner for Personal Data and police on Sunday (June 21), and is contacting affected parties as a precautionary measure. No customer payment or credit card information was involved.

jeveuxaider.gouv.fr logoJeveuxaiderJun 16, 2026
Same sectorSame action patternSame impact area

French Government Platform Jeveuxaider.gouv.fr Suffers Data Leak Affecting 550,000 Accounts

On June 16, 2026, the French government announced that its volunteering platform, Jeveuxaider.gouv.fr, had been a victim of a personal data leak affecting approximately 550,000 accounts.

chipsoft.nl logoChipsoftJun 12, 2026
Same sectorSame action patternSame impact area

Dutch hospitals restore digital access after cyberattack on ChipSoft

On June 12, 2026, reports indicated that Dutch hospitals were restoring digital access following a cyberattack on ChipSoft, a major healthcare software provider. The attack had previously caused patient files to become inaccessible at multiple locations, leading fifteen hospitals to preventively block all electronic patient information. This measure forced doctors to revert to paper records and oral transfers. While the incident was not a data leak in the traditional sense, it was a significant attack on the health infrastructure of the Netherlands, carried out through a single supplier serving numerous hospitals.

aivd.nl logoAivdJul 1, 2026
Same sectorSame impact area

CTIVD: AIVD en MIVD verwerken persoonsgegevens in bulkdata onrechtmatig

The Dutch intelligence services, AIVD and MIVD, have unlawfully processed personal data in bulk datasets, according to a ruling by the Committee for the Supervision of the Intelligence and Security Services (CTIVD). The report, published on July 1, 2026, states that groups of employees had unauthorized access to personal data, and large quantities of data were stored for too long. The bulk datasets, sometimes containing millions of records, include names, phone numbers, location data, social media data, and communication content, sourced from government agencies, commercially available datasets, or stolen datasets offered by criminals. The CTIVD has issued thirteen recommendations to improve the situation.

stnet.co.jp logoStnetJun 28, 2026
Same sectorSame impact area

STNet, Inc. Affected by KDDI Corporation Data Breach

STNet, Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. STNet customers' email addresses and passwords may have been compromised.

eogb.co.uk logoEogbJun 28, 2026
Same sectorSame impact area

eogb.co.uk Hit by Stormous Ransomware Group

eogb.co.uk, a UK-based organization, was claimed as a victim by the Stormous ransomware group. The incident was discovered on June 28, 2026, at 21:29 UTC, with deep access to Microsoft Dynamics GP, internal legal documents, partnership agreements, customer contracts, operational spreadsheets, financial reports, and executive documents.