ShinyHunters has claimed responsibility for a cyberattack against BCD Travel, a major travel management company headquartered in the Netherlands with global operations. The group alleges that it gained access to customer and corporate data and has threatened to release additional information after a payment deadline passed. While BCD Travel has acknowledged a security incident, the full scope of the alleged breach has not been independently confirmed.
ShinyHunters Claims Large-Scale Data Theft
On May 29, 2026, ShinyHunters published a message claiming it had compromised BCD Travel's systems and obtained more than 700,000 records from the company's Salesforce environment, along with data from various internal SharePoint sites. According to the group's statement, BCD Travel was given until June 1 to make contact and negotiate. The threat actor warned that failure to do so would result in the publication of the stolen data and other unspecified consequences. Reports indicate that ShinyHunters has since begun releasing data online. Cybersecurity researchers cited by Dutch media stated that a file exceeding 30 gigabytes had already been published on the group's leak platform.
BCD Travel Responds to Incident
In a written statement, BCD Travel said it recently detected suspicious activity involving an internal account and activated its internal security procedures. The company stated that external specialists had been brought in to investigate the matter and determine the extent of the incident. BCD Travel has not confirmed the volume of data allegedly obtained by the attackers, nor has it disclosed whether any ransom demand was received. The company also stated that its services had not been interrupted and that its IT systems continued to operate normally.
Access to Salesforce and SharePoint Systems
ShinyHunters claims that the breach provided access to a customer database hosted on Salesforce as well as internal SharePoint environments used by employees for document sharing and collaboration. At the time of reporting, BCD Travel had not publicly verified these specific claims. The investigation into the incident remains ongoing.
ShinyHunters' Recent Activity
ShinyHunters has been active for several years and is known for conducting data theft and extortion operations. Rather than focusing on system encryption, the group typically claims to exfiltrate information and uses the threat of public disclosure as leverage. The group has previously been linked to incidents involving organizations including Ticketmaster and the company behind the Canvas education platform. Earlier in 2026, ShinyHunters also claimed responsibility for a breach affecting Dutch telecommunications provider Odido, which reportedly exposed data belonging to millions of current and former customers after credentials were allegedly obtained through a phishing attack.
Conclusion
The situation involving BCD Travel remains developing. ShinyHunters maintains that it obtained hundreds of thousands of customer records and internal corporate data, while BCD Travel has confirmed only that suspicious activity was detected and that an investigation is underway. Until additional findings are released, the full scope and impact of the incident remain unclear.
No comments yet — be the first.
Join the conversation
Log in to leave a comment