ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

BCD Travel Data Breach

bcdtravel.com
Limited exposure
Verified breach
Accounts exposed 396,313
Breach date 29 May 2026
Added to tracker 05 Jun 2026
Data classes 7

What happened

In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.

Exposed data

Email addresses Employers Job titles Names Phone numbers Physical addresses Support tickets

Recommended actions

  • Watch for targeted phishing emails referencing BCD Travel โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP