ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

CFGI Data Breach

cfgi.com
Limited exposure
Verified breach
Accounts exposed 248,235
Breach date 06 Mar 2026
Added to tracker 18 Jun 2026
Data classes 6

What happened

In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers and physical addresses.

Exposed data

Email addresses Employers Job titles Names Phone numbers Physical addresses

Recommended actions

  • Watch for targeted phishing emails referencing CFGI โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP