A BCD Travel leak indexed by leaksear.ch contains 232,540 records tied to Azure user exports and Salesforce leads, contacts, users, agreements and support cases, with the metadata breach date listed as May 29, 2026 (leaksear.ch metadata). BCD Travel is a business travel management company headquartered in Utrecht, the Netherlands, with clients in 170+ countries (www.bcdtravel.com).
What happened
Public reporting links the incident to ShinyHunters' 2026 pay-or-leak extortion activity. DeXpose reported that on May 29, 2026 ShinyHunters claimed an attack against BCD Travel and alleged theft of more than 700,000 Salesforce records plus corporate SharePoint data, with a June 1 deadline for negotiations (www.dexpose.io).
Cybernews later reported that ShinyHunters published BCD Travel data after the ransom deadline was not met, and that the leaked material included personal information and support tickets; HIBP listed BCD Travel as a May 2026 breach with 396.3 thousand affected accounts and 396,313 unique email addresses (cybernews.com, haveibeenpwned.com). For this article, the scale is the leaksear.ch indexed dataset count, 232,540 records, while HIBP's public page reports affected accounts by unique email address (leaksear.ch metadata, haveibeenpwned.com).
That public record does not establish the exact initial access method. ICT Magazine reported BCD Travel confirmed an investigation after suspicious activity through an internal account, while Mozilla Monitor lists May 29, 2026 as the breach date and June 5, 2026 as the date the breach was added to its database (www.ictmagazine.nl, monitor.mozilla.org).
What data was exposed
The indexed data includes emails, names, phone numbers, addresses, countries and usernames as searchable fields (leaksear.ch metadata). The stored record context includes Salesforce leads, contacts, user records, agreements and support cases, plus Azure user-export attributes such as display name, company name, user type, identifiers and account status metadata (leaksear.ch metadata).
Other stored fields include job titles, employer or account relationships, mailing and street-address fields, department information, Salesforce record identifiers, agreement names/statuses, support case subjects/descriptions/status metadata, contact phones and marketing/tracking fields such as UTM, Google Analytics and click identifiers (leaksear.ch metadata). HIBP's public breach page independently lists email addresses, employers, job titles, names, phone numbers, physical addresses and support tickets, and Mozilla Monitor states that passwords were not exposed in this breach (haveibeenpwned.com, monitor.mozilla.org).
Why this matters
Even without passwords, the combination of contact details, employer relationships, job titles and support-ticket context can help attackers craft believable BCD Travel, corporate travel, invoice, itinerary or help-desk phishing lures. For organizations, exposed account and agreement metadata can provide context for impersonating travel coordinators, sales/account contacts or support teams. Individuals should treat unexpected travel-support messages, payment requests or account-verification calls that reference BCD Travel or an employer travel program as suspicious and verify them through known company channels. To check whether your data appears in this leak, use the search option below.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, email, name, phone, and username.
Sources
- BCD Travel: Get to know us
- DeXpose: ShinyHunters Strike BCD Travel in USA Ransomware Attack
- Cybernews: ShinyHunters dump 400K BCD Travel customers data online
- Have I Been Pwned: BCD Travel Data Breach
- ICT Magazine: ShinyHunters claimt datadiefstal bij groot internationaal zakenreisbureau - update
- Mozilla Monitor: BCD Travel Data Breach