← Back

June Data Breaches Hit Retailers and Sports Organizations

June 25, 2026

June Data Breaches Hit Retailers and Sports Organizations

June Data Breaches Hit Retailers and Sports Organizations

June brought a cluster of significant data exposures affecting millions of people. Here's what happened, and what you need to know.

Madison Square Garden Sports Exposed Nearly 10 Million Accounts

Hackers broke into Madison Square Garden Sports and stole nearly 10 million records in June 2026. The stolen data included email addresses, names, phone numbers, employment information, and customer details. If you have a ticket account, fan account, or work connection with MSG Sports, assume your information is out there. Check your email for password reset requests you didn't make, and consider changing your password if you use it elsewhere.

JCPenney Employees and Former Staff Affected

JCPenney revealed a breach affecting over 368,000 current and former employees. The hackers got email addresses, names, dates of birth, and Social Security numbers. This is serious because Social Security numbers are useful for identity theft and fraud. If you worked for JCPenney, monitor your credit reports through the free annual credit report sites (annualcreditreport.com) and watch for suspicious accounts opened in your name.

Ralph Lauren Fashion Retailer Breached

In June, fashion retailer Ralph Lauren was hit by hackers who published hundreds of gigabytes of data, including nearly 140,000 email addresses, names, phone numbers, and personal information. The volume of data stolen suggests the breach was significant and well-organized. If you have a Ralph Lauren account, change your password and watch for unexpected charges.

Law Enforcement Takes Down Major Malware Network

International law enforcement coordinated Operation Endgame 4.0 in June 2026, targeting the SocGholish malware network. Officers shut down over 15,000 compromised websites and disrupted more than 100 criminal servers. SocGholish is malware designed to infect computers and spread further infections. While this is a win for security, it's also a reminder that malware is common enough to warrant international attention. Keep your software updated, run antivirus tools, and avoid clicking suspicious links.

TV Box Botnet Linked to Israeli Tech Company

Researchers discovered that millions of consumer TV boxes have been infected with a botnet called Popa for the past four years. The botnet forces infected boxes to relay internet traffic used for advertising fraud, account takeovers, and data theft. Investigators linked the operation to NetNut, a proxy service operated by a publicly-traded Israeli technology company. If you have a smart TV or set-top box, make sure it's running the latest firmware available from your manufacturer or cable provider.

What to Do Now

If you have accounts with any of these organizations, start with a password change. If your Social Security number was exposed (like at JCPenney), consider placing a credit freeze or fraud alert with the credit reporting agencies. You can do this for free at annualcreditreport.com. Watch your bank and credit card statements for anything you don't recognize. These breaches expose you to targeted phishing attempts, so be cautious of unexpected emails asking you to verify account information or click links. You're not at fault here—these are big, established companies with security teams. What matters now is staying alert.

Enjoyed this? Get the next issue free.