Four Major Companies Were Hacked This Month. Here's What You Should Do.
July 7, 2026

Four Major Companies Were Hacked This Month. Here's What You Should Do.
In June 2026, hackers broke into American Tower, Madison Square Garden Sports, JCPenney, and Ralph Lauren. Millions of email addresses, names, phone numbers, and other personal details were stolen. You may have been affected if you work for or shop with any of these companies.
This isn't unusual. Large breaches happen regularly. The good news is that knowing what happened puts you in a position to protect yourself. Here's what you need to know.
Do I need to check if my information was exposed?
Yes. If you've ever worked for or shopped with American Tower, Madison Square Garden Sports, JCPenney, or Ralph Lauren, it's worth checking. Go to haveibeenpwned.com and type in your email address. The site will tell you if your information appeared in any known breach. This takes 30 seconds and costs nothing.
If your email shows up in one of these breaches, you weren't necessarily harmed—but you should take the next step.
What should I do if I find out I was affected?
Start with the company that was hacked. JCPenney employees should be especially careful, since Social Security numbers were stolen. If you're an employee and your SSN was exposed, contact the company's notification team right away and ask what they're offering for protection. Many companies provide free credit monitoring after a breach.
Next, change your password for that company's website or app. Use a password you've never used anywhere else. If you used the same password at other sites, change those passwords too. This prevents a scammer from using the stolen information to break into your other accounts.
Finally, stay alert for email messages that look like they're from these companies but ask you to confirm information or click a link. These fake messages are common after breaches. The real company will never ask you to verify your password or payment details by email.
Should I freeze my credit?
If your Social Security number was exposed—which happened in the JCPenney breach—consider placing a freeze with the three major credit bureaus (Equifax, Experian, and TransUnion). A freeze makes it much harder for a scammer to open new accounts in your name. It's free to place and remove, and it takes about 10 minutes per bureau.
For the other breaches, a freeze isn't necessary unless you see suspicious activity on your accounts.
What happened to the people who did this?
Two members of a hacking group called Scattered Spider pleaded guilty in the UK this month. They were behind a major cyberattack on London's transportation system in 2024. They'll face prison time. These kinds of prosecutions are rare—most hackers operate from countries that don't cooperate with law enforcement. But it's a reminder that law enforcement is paying attention and following these groups.
Breach after breach, companies promise to improve their security. Your job is simpler: check if you were affected, change your password, and stay alert. That puts you ahead of most people.
Sources
American Tower - 216,601 breached accounts Have I Been Pwned
Madison Square Garden Sports - 9,796,738 breached accounts Have I Been Pwned
JCPenney - 368,418 breached accounts Have I Been Pwned
Ralph Lauren - 139,903 breached accounts Have I Been Pwned
Scattered Spider Hackers Plead Guilty on Day 1 of Trial Krebs on Security
Enjoyed this? Get the next issue free.