Last updated 1 month ago
In March 2026, Hallmark, a major US-based retail company, suffered a breach that exposed 1,736,520 unique email addresses. The incident affected both Hallmark and its Hallmark+ streaming service, with data including names, phone numbers, physical addresses, and support tickets. The breach was allegedly discovered after attackers gained access to data stored within Salesforce, and the data was later published following a failed extortion deadline.
The attack vector involved unauthorized access to Salesforce, though the specific initial access method is not detailed. The attackers exfiltrated a wide range of personal identifiable information (PII) including email addresses, names, phone numbers, physical addresses, and support tickets. No specific threat actor or ransomware group has been attributed to this incident, and no CVEs or MITRE ATT&CK techniques are mentioned.
Post-incident, the data was published after the extortion deadline passed, confirming the breach's impact. No further details on regulatory actions, litigation, or ransom payments are available in the article.
Attackers gained access to data stored within Salesforce, leading to extortion and subsequent publication of data after deadline passed.
Hallmark's reliance on Salesforce without adequate access controls or monitoring allowed attackers to exfiltrate extensive PII. The subsequent extortion and data publication highlight the need for robust data segmentation, encryption at rest, and incident response plans that include rapid containment and notification procedures.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector