ShinyHunters Claim Theft of More Than 3 Million Cisco Records, Threatening Public Leak

The ShinyHunters hacking group has claimed responsibility for stealing more than three million records from Cisco Systems and is threatening to release the data publicly if demands are not met, SC Media reported. ShinyHunters is among the most prolific and destructive cybercrime groups operating today, responsible for a string of high-profile breaches including the 2024 Snowflake customer data theft that exposed records from Ticketmaster, Santander Bank, AT&T, and dozens of other organizations. The group typically exfiltrates data from cloud environments and uses the threat of public release to extort victims or sells the data on criminal marketplaces. Cisco has not confirmed the breach claim. The company said it is investigating the alleged incident. Cisco has been targeted in prior cyber operations, including a 2022 intrusion attributed to the Yanluowang ransomware group that compromised employee credentials through a voice phishing campaign. If confirmed, a three-million-record breach would represent a significant exposure of Cisco customer, partner, or employee data. Cisco's customer base spans virtually every major enterprise, government agency, and telecommunications provider globally, meaning the composition of any exposed dataset would be of high intelligence and criminal value. The ShinyHunters group has been the subject of international law enforcement attention. Several alleged members were arrested and charged in the United States and France in 2024, but the group has continued operating under the same name, suggesting the arrests either did not capture the group's core operators or that the brand has been adopted by new actors. Organizations with Cisco service contracts or partner relationships are advised to monitor for suspicious communications or credential misuse while the investigation is ongoing.