A ShinyHunters-linked leak involving Inter-Con Security Systems exposed 285,983 indexed records from Salesforce and OneDrive, with a breach date listed as June 19, 2026 (leaksear.ch metadata). Inter-Con describes itself as a global security services provider with more than 40,000 employees, and public breach trackers list icsecurity.com as a ShinyHunters victim in mid-June 2026 (icsecurity.com, www.breachsense.com, socradar.io).
What happened
Breachsense lists Inter-Con Security Systems as a June 19, 2026 data breach victim with the domain icsecurity.com and ShinyHunters as the threat actor (www.breachsense.com). SOCRadar separately lists icsecurity.com as a ShinyHunters incident discovered on June 18, 2026, with the status “Data Leaked” and a note that data was published on the group’s leak site (socradar.io).
The indexed leak material is described as Salesforce and OneDrive data leaked by ShinyHunters in June 2026 (leaksear.ch metadata). Public sources reviewed for this article do not confirm the initial access path for the Inter-Con incident, so this article does not attribute it to a specific method such as vishing, token theft, or a misconfiguration.
The broader context is that Salesforce customer environments have been a recurring target for financially motivated data theft. Google Threat Intelligence Group reported in 2025 that UNC6040 used voice phishing to compromise Salesforce instances and that later extortion activity sometimes claimed the ShinyHunters brand, while Salesforce has warned customers about social engineering, malicious connected apps, and modified Data Loader-style tooling used to exfiltrate data (cloud.google.com, www.salesforce.com). That context should not be read as confirmation of how the Inter-Con data was obtained.
What data was exposed
The leaksear.ch index contains 285,983 normalized records from Salesforce contacts, leads, users, opportunity-owner contact records, selected case records, and OneDrive file inventory rows for employee identity, training, and certification documents (leaksear.ch metadata).
Searchable fields include names, email addresses, phone numbers, physical addresses, countries, and usernames (leaksear.ch metadata). Other stored fields include Salesforce contact and lead attributes, job titles, departments, account and company names, lead source and status, Salesforce user profile information, case numbers, case status and priority, case subjects and comments, and OneDrive file metadata such as document type, filename, extension, modified timestamp, and file size (leaksear.ch metadata).
The structured index excludes low-value billing and account exports and the bulk SharePoint business-document archive, according to the supplied indexing metadata (leaksear.ch metadata).
Why this matters
Inter-Con provides security services to public and private-sector clients, including government, utilities, corporate, and critical infrastructure environments, according to the company’s own description (icsecurity.com). Contact records, job context, case metadata, and employee document inventories can help attackers craft convincing phishing, vendor-impersonation, recruiting, or help-desk pretexts.
For incident responders, the most practical risk is targeted social engineering against employees, customers, vendors, and people named in Salesforce records. Individuals and organizations that have interacted with Inter-Con should check whether their name, email, phone number, username, address, or country appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, email, name, phone, and username.
Sources
- Breachsense: Inter-Con Security Systems Data Breach in 2026
- SOCRadar: icsecurity.com Ransomware Attack by Shinyhunters
- Inter-Con Security: Homepage
- Inter-Con Security: History
- Google Cloud: The Cost of a Call: From Voice Phishing to Data Extortion
- Salesforce: Protect Your Salesforce Environment from Social Engineering Threats