</>ScanMyVibe
SCAN FREE
← BREACH ALERTS
HIGH2026-05-29via haveibeenpwned

🚨 BCD Travel Breach — 396K Accounts Exposed

BCD Travel suffered a data breach affecting 396K accounts. Here's what happened, what data was exposed, and what you should do right now.

396,313
ACCOUNTS
HIGH
SEVERITY
7
DATA TYPES

What Happened

In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.

Impact

  • Affected accounts: 396K
  • Data exposed: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Support tickets
  • Severity: HIGH
  • Source: [haveibeenpwned](https://haveibeenpwned.com/PwnedWebsites#BCDTravel)

    • What You Should Do

    If you have an account with BCD Travel, take these steps immediately:

  • **Change your password** — Use a unique, strong password (16+ chars with mixed case, numbers, symbols)
  • **Enable 2FA** — Turn on two-factor authentication if available
  • **Check your email** — Search for breach notifications from BCD Travel
  • **Monitor your accounts** — Watch for unauthorized access on any service where you reused the same password
  • **Scan your site** — If you run a website, [run a free ScanMyVibe scan](https://scanmyvibe.co/scan) to check if your own security headers and configurations protect against common attack vectors

    • Is Your Website Secure?

    Data breaches often exploit weak security configurations — missing Content-Security-Policy headers, misconfigured CORS, exposed API keys. These are exactly the issues ScanMyVibe detects in under 30 seconds.

    [Scan your site free →](https://scanmyvibe.co/scan)

    Timeline

  • 2026-05-29 — Breach reported
  • 2026-05-29 — ScanMyVibe breach alert published
  • Ongoing — Investigation in progress

    • This article is auto-generated by ScanMyVibe's breach monitoring system. Sources are verified but details may evolve as investigations progress. Last updated: 2026-06-05.

    IS YOUR SITE NEXT?

    Scan your website for the same vulnerabilities that cause breaches like this one.

    SCAN FREE — 150+ CHECKS