What Happened
In the ralphlauren.com data breach in 2026, fashion retailer Ralph Lauren was hit by an extortion-style cyberattack linked to threat groups CoinbaseCartel and ShinyHunters, with activity reported around April 11–12, 2026 and data later circulating publicly in June 2026. Attackers claimed access to internal systems (including a Salesforce instance) and ultimately leaked a large dataset containing at least about 140,000–162,000 records, with exposed information including customer and/or user email addresses, names, phone numbers, genders and age groups, but with no clear evidence in the public reporting of payment card data. The incident has been described as a “pay or leak” extortion campaign in which the group threatened to fully publish stolen data if Ralph Lauren did not engage, and multiple security trackers and breach catalogs now list ralphlauren.com as a confirmed 2026 breach with unknown or large leak size beyond the email-identified records.
