Major global brands including Zara, Carnival and 7 Eleven have been targeted in a ransomware campaign by the ShinyHunters group. The attackers issued a “pay or leak” ultimatum, threatening to release over 9 million records containing sensitive personal and corporate data, highlighting the growing scale and impact of data extortion attacks.
A New Phase of Data Extortion
A recent cyber incident involving ShinyHunters highlights a shift in how ransomware attacks are evolving. Instead of focusing solely on encrypting systems, attackers are increasingly prioritising data theft and public exposure.
In this case, major global brands such as Zara, Carnival Corporation and 7 Eleven were issued a clear ultimatum. Pay the ransom or face public data leaks. The group warned that more than 9 million records containing personally identifiable information and internal data were at risk.
From Ransomware to Data Exposure
This incident reflects a broader trend where attackers no longer rely on encryption alone. Instead, they exfiltrate large volumes of sensitive data and use public leak sites as leverage.
In many cases, even if systems remain operational, organisations face significant risk through
- Exposure of customer and employee data
- Increased phishing and identity theft risks
- Reputational damage and regulatory consequences
Subsequent reports indicate that such campaigns can involve tens of millions of records and terabytes of internal data, signalling a growing scale of impact.
The Expanding Attack Surface
Another critical aspect of this incident is how breaches are occurring. The attack has been linked to vulnerabilities in third party platforms and cloud ecosystems, demonstrating how interconnected systems can amplify risk.
This highlights a key reality
Organisations are no longer only securing their own infrastructure but also the extended digital ecosystem they rely on.
Trevonix Perspective
At Trevonix, this incident reinforces a fundamental shift in cyber security
The primary risk is no longer system downtime but uncontrolled data exposure
As attackers move towards data centric extortion, organisations must evolve their security strategies beyond traditional perimeter and endpoint protection
This requires
- Strong identity governance across all users and systems
- Continuous monitoring of access and behaviour
- Tight control over third party and cloud integrations
- Protection of sensitive data at every stage of access and usage
Most importantly, identity must become the central control layer. Every access request, whether from a user, application or AI agent, must be verified, monitored and governed in real time
Conclusion
The ShinyHunters campaign highlights how cyber threats are becoming more aggressive, targeted and data driven.
Organisations that prioritise identity led security and continuous governance will be better positioned to prevent, detect and respond to these evolving threats while protecting both data and trust
Reference: https://cybernews.com/security/zara-carnival-7eleven-ransomware-shinyhunters-leak-warning/
