moody.edu Listed by shinyhunters Ransomware Group
Over 23 gigabytes of Moody Bible Institute data (1,300+ files, tens of millions of records) was compromised across enrollment, donor relations, payroll, and communications systems (MBI, EDC/Salesforce leads, PeopleSoft PS_COMMUNICATION, Horizon SIS, WHPD donor database, and Cadence admissions), including 46 million communication records, 2.2 million enrollment lead records, 108,000 biodemographic master files with addresses and birthdates, 3.3 gigabytes of donor gift data, employee payroll XML with home addresses and earnings, 1,100+ admissions outreach files, and student housing assignment re
On June 15, 2026, the shinyhunters ransomware group listed Moody Bible Institute on its leak site after exfiltrating more than 23 gigabytes of internal files containing tens of millions of records from the school’s enrollment, donor relations, payroll, and communications systems.
Confirmed Details of the Breach
Public reporting indicates the data was taken from multiple platforms including MBI core systems, EDC and Salesforce leads, PeopleSoft PS_COMMUNICATION, Horizon SIS, the WHPD donor database, and Cadence admissions. The archive includes 46 million communication records, 2.2 million enrollment lead records, 108,000 biodemographic master files containing addresses and birthdates, 3.3 gigabytes of donor gift data, employee payroll XML files listing home addresses and earnings, more than 1,100 admissions outreach files, and student housing assignment records.
The shinyhunters group posted proof of the theft on its leak site, giving the institution a deadline to negotiate before wider publication. Exact number of individuals affected remains unknown, but the volume and sensitivity of the records suggest current and former students, donors, employees, and their families are potentially exposed.
Why This Matters for You and Your Family
When a school or nonprofit suffers a breach of this scale, the information rarely stays contained. Names, addresses, birthdates, phone numbers, email addresses, and financial details can be combined with data from earlier leaks to build detailed profiles. If you or anyone in your household ever attended Moody Bible Institute, donated to it, or worked there, your family’s personal information may now be in the hands of criminals who openly sell or publish it.
Payroll files with home addresses and earnings and donor gift records are especially useful to thieves planning identity theft, tax fraud, or targeted scams. Children’s or grandchildren’s enrollment and housing records can also surface, increasing risks of harassment or account takeovers on platforms where the same email or password is reused.
The Doxxing and Identity-Chain Risks
Leaked records like these rarely operate in isolation. A single address or phone number can link disparate online handles, gaming usernames, and family relationships. Attackers use these connections to escalate from data theft to full doxxing—publishing personal details, contacting victims directly, or hijacking accounts. Credential leaks of this nature frequently cascade into gaming account takeovers, especially for children and teenagers who share family email addresses or passwords.
Once initial data appears on a ransomware leak site, copies often spread to dozens of underground forums within days. The longer the information circulates unchecked, the harder it becomes to limit the damage to you and your family.
Shinyhunters’ Publicly Known Track Record
Public reporting attributes the shinyhunters group with emerging in 2020 and targeting educational institutions, tech companies, and consumer-facing organizations. Notable prior victims include several large online services where customer records were exfiltrated and used for extortion. Their typical playbook involves initial access through phishing or exploited vulnerabilities, followed by broad data exfiltration, then publication on dedicated leak sites with countdown deadlines to pressure payment. The group routinely posts proof packets and offers the full archive for sale if demands are not met.
What to do
- Run a DoxxScan to map every link between your emails, phone numbers, addresses, and online handles that may have been exposed in this or earlier breaches.
- Rotate any password you ever used at Moody Bible Institute or related systems, then enable two-factor authentication everywhere that same password was reused.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing your family is caught and addressed in hours rather than months.
- Cover the household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same addresses or parent emails.
- Let remediation specialists handle takedown requests for any exposed personal information appearing on data broker sites or underground forums.
The incident underscores that a single institutional breach can quietly feed long-term identity and privacy risks for ordinary families. Starting with a clear picture of what data is already circulating and stopping the next link in the chain remains the most practical defense. DoxxScan by GalaxyWarden delivers that continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and household coverage that includes children’s gaming accounts.
Related breaches
Richmont Graduate University Listed by AiLock Ransomware Group
Richmont Graduate University is a Christian graduate institution offering master's programs in couns…
Preneed Funeral Programs Listed by play Ransomware Group
United States…
Mount Royal University Listed by cmdorganization Ransomware Group
The university was established in 1910. Mount Royal University is a public university in Calgary, Ca…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →