CRUNCHBASE has confirmed a data breach after hackers published files allegedly stolen from its systems, with the incident disclosed on 26 January 2026. The hackers, identified as the ShinyHunters cybercrime group, claim to have stolen more than 2 million records containing personal information and have made more than 400 MB of compressed files available for download after Crunchbase refused to pay a ransom, according to SecurityWeek.
Crunchbase said the incident involved exfiltration of certain documents from its corporate network and that no business operations have been disrupted, with the firm containing the incident and its systems secure. Upon detection, Crunchbase engaged cybersecurity experts to assist and contacted federal law enforcement, and it noted that the threat actor posted information online while it reviews the impacted data to determine if notifications are required by law. Alon Gal, CTO of Hudson Rock, analysed the leaked data and found personally identifiable information, contracts, and other corporate data.