Moody Bible Institute says breach exposed data on 2.3 million people
Moody Bible Institute (MBI) has confirmed that a cyberattack led to the exposure of personal information tied to more than 2.3 million people, according to breach notification data and reporting on th...
Moody Bible Institute (MBI) has confirmed that a cyberattack led to the exposure of personal information tied to more than 2.3 million people, according to breach notification data and reporting on the incident.
The Christian college disclosed the attack in June after detecting unauthorized access to its systems. Soon afterward, the ShinyHunters extortion group published material it said was stolen from the institution. Have I Been Pwned later added the dataset to its breach tracking service, helping quantify the scale of the exposure.
According to details shared with the leaked cache, the exposed information includes names, genders, dates of birth, home and email addresses, phone numbers, and marital status. The release also appears to contain records related to donor relations, students, alumni, and supporters connected to the institute.
MBI said its technology team had addressed the vulnerability that allowed the intrusion and brought in outside cybersecurity specialists to assist with incident response. The organization urged affected individuals to watch their accounts closely and to consider using fraud alerts or credit freezes while the investigation continued.
In a public statement, MBI said it was relying on internal staff and external experts to manage the situation. The institute also framed the incident in religious terms, saying it remained confident during the investigation.
Founded in 1886, Moody Bible Institute operates a university offering undergraduate, graduate, and online programs, along with aviation training that includes theological study. It also runs Moody Radio and a publishing division focused on Christian literature.
About ShinyHunters
- ShinyHunters has been linked to a series of high-profile data theft and extortion campaigns in 2026.
- The group’s public leak site has listed dozens of victims this year, though that does not necessarily reflect the full number of organizations affected.
- Earlier cases associated with the group have involved major brands and educational platforms.
The MBI disclosure adds to a growing list of organizations affected by pay-or-leak schemes, where attackers threaten to publish stolen files unless a payment is made. In this case, the publication of the data suggests the extortion attempt was not resolved in the attackers’ favor.
