← Back to monitor
Confirmed Critical
JCPenney
In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later publi…
Observed context
Detected on . Classification may change as independent evidence emerges.
Reported data classes
Dates of birthEmail addressesGovernment issued IDsJob titlesNamesPhone numbersPhysical addressesUsernames
References
Public intelligence sources only — Rift links to reporting, never to leaked data.