Back to Industry

Industry - Data Breach

moderateAnti-PrivacyData Breach

Executive Summary

The Moody Bible Institute suffered a data breach exposing personal information of 2.3 million donors, supporters, students, and alumni after the extortion group ShinyHunters published stolen data when ransom demands were not met. The compromised information includes names, dates of birth, physical and email addresses, phone numbers, genders, and marital statuses, creating risks for identity theft and targeted phishing attacks. The institute has engaged cybersecurity experts to investigate and...

What Happened

In June 2026, the Moody Bible Institute was targeted by the ShinyHunters extortion group in a 'pay or leak' cyberattack. When the institute did not meet the ransom demands, ShinyHunters published personal data from over 2.3 million donors, supporters, students, and alumni on underground forums and leak sites. The institute has engaged internal and external cybersecurity experts to investigate the breach and identify the attack vector.

Who Is Affected

More than 2.3 million individuals connected to Moody Bible Institute are affected, including current and former students, alumni, donors, and supporters. The exposed data includes names, dates of birth, email addresses, physical addresses, phone numbers, genders, and marital statuses. This comprehensive personal profile creates heightened risks for identity theft, account takeover attempts, synthetic identity fraud, and targeted phishing campaigns that may reference victims' relationships with the institution.

Why It Matters

This breach represents one of the largest data exposures affecting a faith-based educational institution and demonstrates the growing trend of extortion-based cyberattacks targeting nonprofits and educational organizations. ShinyHunters has a documented history of large-scale attacks against major organizations including Salesforce, Carnival, and Canvas, with the latter affecting an estimated 275 million students. The combination of demographic and contact information in this dataset enables sophisticated social engineering attacks, particularly concerning given that religious donor populations may be more trusting of communications appearing to originate from affiliated institutions.

What You Should Do

Check if your email appears in the Have I Been Pwned database to confirm exposure. Monitor your financial accounts and credit reports for unusual activity and consider placing a credit freeze or fraud alert with major credit bureaus. Enable multi-factor authentication on all email and financial accounts, and use a password manager to create unique, strong passwords for each account. Treat any unsolicited communications referencing Moody Bible Institute with extreme skepticism, even if they contain accurate personal details, as attackers may use the stolen data to craft convincing phishing attempts.

Summary generated from verified sources and reviewed before publication. How we summarize.

The Moody Bible Institute suffered a data breach exposing personal information... - Industry | PrivacyWire