THREATOPS
THREAT OPSThreat News › [Breach] JCPenney — 368,418 accounts exposed

[Breach] JCPenney — 368,418 accounts exposed

lowhibp_breachesPublished 2026-06-12

Breached service: JCPenney Domain: jcpenny.com Accounts exposed: 368,418 Breach date: 2026-06-12 Added to HIBP: 2026-06-20T03:02:45Z Data classes leaked: Dates of birth, Email addresses, Government issued IDs, Job titles, Names, Phone numbers, Physical addresses, Usernames Description: In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion cam

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://haveibeenpwned.com/PwnedWebsites#JCPenney