Page 220 - Red Hat PR REPORT - OCTOBER 2025
10/8/25, 3:34 PM Shinyhunters Extorts Red Hat Over Stolen CER Data - Dataconomy
of the stolen Customer Engagement Reports, which included documents related to major
corporations and government bodies, including Walmart, HSBC, the Bank of Canada, the
Department of Defence, and American Express.
ShinyHunters’ extortion-as-a-service model confirmed
The incident confirms long-held speculation that ShinyHunters operates as an
extortion-as-a-service (EaaS) platform. This model functions like ransomware-as-a-service, where the
platform’s operators work with different hacking groups to conduct extortion and take a
percentage of any ransom payments.
ShinyHunters has now confirmed it operates this model, detailing the revenue split. The group
stated that the hackers they work with typically take 70-75% of the payment, while ShinyHunters
receives a 25-30% cut. The launch of the public data leak site marks a shift from a private to a
public-facing extortion service.
Other targets on the ShinyHunters platform
The ShinyHunters site is also being used to extort the financial information and analytics
company S&P Global on behalf of a different attacker. That group claimed to have breached
S&P Global in February 2025, a claim the company denied at the time. Data samples asserted
to be from the attack have now been posted on the ShinyHunters site with the same October
10th deadline. When contacted again, a representative for S&P Global declined to address the
claims directly, stating, “as a US listed company, we are required to publicly disclose material
cybersecurity incidents.”
https://dataconomy.com/2025/10/07/shinyhunters-extorts-red-hat-over-stolen-cer-data/

