Aman
MediumA breach at ultra-luxury brand Aman exposed sensitive client data in April 2026.
- Records exposed
- 215,563 records
- Breach date
- Breach Apr 20, 2026
- Last update
- Updated May 1, 2026
What data was exposed?
Fields reported as compromised in this breach record.
Why does this breach matter?
In-depth analysis of the breach and its implications.
In April 2026, Aman, an ultra-luxury hotel brand, experienced a data breach following an extortion attempt by the group known as ShinyHunters. Compromised data, allegedly sourced from Aman’s Salesforce CRM platform, was publicly exposed after ransom demands were not met. The breach impacted over 215,000 unique records, which included sensitive data such as dates of birth, phone numbers, and VIP statuses, among others.
Impact Analysis
Understanding the scope and consequences of this breach.
- User Impact
- Users may face targeted phishing scams leveraging their personal and identifiable information.
- Business Impact
- The breach may result in reputational damage and potential financial losses due to legal and regulatory consequences.
- Affected Sectors
- Hospitality
- Luxury Goods Retail
- Geographic Impact
- Global
What You Should Do
Recommended actions to take in response to this breach.
If You Were Affected
- •Alter passwords for accounts tied to the affected email addresses.
- •Monitor accounts for phishing attempts or unauthorized activities.
- •Consider identity theft protection services.
Preventive Measures
- •Utilize services that anonymize data provided to third-party providers.
- •Increase protections around CRM systems including access controls and monitoring.
- •Raise awareness about extortion attempts targeting companies.
Frequently Asked Questions
Common questions about this breach and what it means for you.