Crunchbase Confirms Data Breach After Hacking Claims

What happened

Crunchbase confirmed a data breach following hacking claims. The market intelligence firm detected a cybersecurity incident involving unauthorized access and exfiltration of internal documents from its corporate network in late January 2026. The cybercrime group ShinyHunters claimed to have stolen more than 2 million records and made roughly 400 MB of compressed files available for download after Crunchbase declined to pay a ransom. In response, Crunchbase said it contained the incident, engaged external cybersecurity experts, and contacted federal law enforcement. A third-party analysis of the leaked data indicated that it contained personally identifiable information (PII), internal contracts, and other corporate data. According to the company’s statement, the breach did not disrupt operations, and the firm is reviewing the impacted information consistent with legal obligations.

Who is affected

Crunchbase customers, partners, and any individuals whose PII was included in the stolen dataset are directly affected. Indirect exposure could involve broader business intelligence and customer service data being used fraudulently beyond Crunchbase’s platform. 

Why CISOs should care

Breaches involving PII and corporate data can trigger regulatory reporting, identity risk, and corporate reputation impact. The involvement of a known data theft group highlights ongoing targeted extortion strategies and the necessity for strong perimeter and internal monitoring controls. 

3 practical actions

  • Verify compromised data scope: Review logs and forensic findings to precisely determine which systems and data sets were accessed and exfiltrated.

  • Reinforce anomaly detection: Strengthen monitoring for unusual data access patterns, large data exports, and lateral movement within corporate networks.

  • Update incident response plans: Integrate lessons learned from this event and clearly codify escalation paths and legal notification triggers.


John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.