Data Breach at Moody Bible Institute Exposes 2.3 Million Records
Personal information belonging to more than 2.3 million individuals associated with the Moody Bible Institute (MBI) has been leaked online following a cyberattack by the extortion group ShinyHunters. The exposed data includes names, dates of birth, physical addresses, email addresses, phone numbers, and marital statuses. The incident, first disclosed by the institution in June, has since been confirmed by the breach notification service Have I Been Pwned, which added the cache to its database.
How Did the Breach Occur?
The Moody Bible Institute identified a security vulnerability within its systems in June. According to an official statement released by the organization, the school’s technology team addressed the flaw and engaged external cybersecurity experts to assist with the incident response. Despite these efforts, the threat actor ShinyHunters—a group known for “pay-or-leak” extortion tactics—proceeded to publish the stolen files on June 23. The leaked data includes not only individual records but also internal documents related to donor relations, alumni, and current students.
Who Is ShinyHunters?
ShinyHunters is a prolific cybercriminal collective that has been linked to numerous high-profile data breaches. The group maintains a leak site that has listed 86 victims since January, though security researchers suggest the actual figure is likely higher, as organizations that pay extortion demands are often removed from the list. The group has been previously associated with attacks on major entities including Salesforce, Carnival, and Pitney Bowes. Earlier in the year, the group gained significant attention for a breach involving the learning platform Canvas, which exposed the data of approximately 275 million students, prompting national security alerts.
What Should Affected Individuals Do?
Following the discovery of the breach, MBI urged all affiliated parties to remain vigilant against potential fraud. The institution recommended that individuals monitor their personal accounts closely and utilize free credit freezes and fraud alerts to protect their identities. As of late June, the institute noted that it was working with outside experts to navigate the situation. The organization has emphasized its reliance on internal and external teams to secure its ministry and the data of those it serves.
Context of the Attack
The attackers claimed the MBI cache was part of a larger campaign targeting Oracle PeopleSoft users, alleging that the campaign affected more than 100 organizations. While MBI has not publicly confirmed whether it entered into negotiations with the attackers, the publication of the data indicates that any demands made by the group were not satisfied.

Key Takeaways
- Scope: Over 2.3 million records were leaked, including sensitive PII (Personally Identifiable Information).
- Timeline: MBI disclosed the vulnerability in June, with the data leak occurring on June 23.
- Attribution: The attack is attributed to the cybercriminal group ShinyHunters.
- Response: MBI has engaged third-party cybersecurity experts and advised stakeholders to implement credit freezes.
Related reading