Data Breaches
Hallmark is a company known for its greeting cards and gifts. It also operates the Hallmark+ streaming service.
Key Takeaways
- In March 2026, a data breach exposed the email addresses, names, phone numbers, physical addresses, and support tickets of 1.7 million Hallmark customers.
- This incident is part of a broader pattern of data breaches involving the ShinyHunters extortion group, which has targeted other companies by gaining access to data stored within Salesforce.
- Individuals affected by this breach should be vigilant about potential phishing attempts and identity theft, as their personal information has been exposed.
Breach Overview
In March 2026, Hallmark experienced a data breach that exposed the personal information of approximately 1.7 million customers. The exposed data included email addresses, names, phone numbers, physical addresses, and support tickets. This incident affected both Hallmark and Hallmark+ streaming service users. The company has publicly acknowledged the incident, and it has been verified by Have I Been Pwned.
Exposed Data
Timeline & Cause
The data breach occurred in March 2026, specifically around March 9, 2026, when attackers gained access to data stored within Salesforce. The incident was disclosed on April 12, 2026, after the attackers, identified as the ShinyHunters extortion group, published the stolen data when Hallmark reportedly did not meet their extortion demands.
Next Steps
If you are a Hallmark customer, you should be aware that your email address, name, phone number, and physical address may have been exposed. It is recommended to be cautious of any suspicious emails, calls, or mail that may attempt to trick you into revealing more personal information or clicking on malicious links. Consider changing your password for your Hallmark account and any other accounts where you might have used the same password. Additionally, monitor your financial statements and credit reports for any unusual activity that could indicate identity theft.