ShellCodeX Breach Report
CFGI Data Breach
cfgi.com
Verified breach
Accounts exposed
248,235
Breach date
06 Mar 2026
Added to tracker
18 Jun 2026
Data classes
6
What happened
In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers and physical addresses.
Exposed data
Email addresses
Employers
Job titles
Names
Phone numbers
Physical addresses
Recommended actions
- Watch for targeted phishing emails referencing CFGI โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP