What Happened
In March 2026, specifically around March 9-31, the threat group ShinyHunters breached Hallmark Cards, Inc. (hallmark.com) and its streaming service Hallmark Plus (hallmarkplus.com) by gaining unauthorized access to data stored in Hallmark’s Salesforce environment, exfiltrating a 9.59 GB database containing approximately 6.2 million records affecting over 1.73 million unique users. After Hallmark refused extortion demands, ShinyHunters publicly leaked the data on April 12, 2026, exposing highly sensitive personally identifiable information (PII) including full names, verified email addresses, phone numbers, physical addresses, birthdays, and historical support tickets. This combination enables advanced social engineering, targeted phishing, and identity theft risks, with the breach added to trackers like Have I Been Pwned on the same leak date.
