Back to news
Cybersecurity Alert
July 5, 2026 by EmailMeNow IT Consulting

Was CFGI Breached? We Scanned Their Domain Security

CFGI appears on Have I Been Pwned with 248,235 accounts after a ShinyHunters Salesforce extortion leak. Independent audit scores cfgi.com at 64% with strong identity but 15% transport security.

Source: Have I Been Pwned

NewsData BreachShinyHuntersSalesforceFinancial ServicesCybersecurity
Financial consulting firm targeted by ShinyHunters Salesforce data breach

Yes — CFGI (cfgi.com) was breached. The financial consulting and advisory firm now appears on Have I Been Pwned with 248,235 accounts from a March 2026 ShinyHunters “pay-or-leak” extortion campaign targeting the company’s Salesforce environment.

HIBP added the breach on June 18, 2026. Exposed data includes corporate contact information — email addresses, names, phone numbers, and physical addresses — useful to attackers crafting targeted fraud against CFGI clients and finance teams.

We scanned cfgi.com to assess email and domain security posture after this CRM leak.

What Happened

According to Have I Been Pwned:

  • March 2026 — ShinyHunters targeted CFGI in a pay-or-leak extortion campaign.
  • The group publicized data allegedly obtained from CFGI, including 248,235 unique email addresses.
  • Associated fields include names, phone numbers, and physical addresses.
  • HIBP added the breach on June 18, 2026.

CFGI provides financial consulting, transaction advisory, and accounting services to middle-market companies — making its CRM contact database valuable for BEC, invoice fraud, and impersonation of advisory staff.

Illustration: ShinyHunters Salesforce extortion against financial consulting firm CRM

Breach Impact at a Glance

FieldDetail
VictimCFGI (cfgi.com)
SectorFinancial consulting & advisory
Threat actorShinyHunters
Source systemSalesforce (alleged)
Accounts affected248,235
Breach periodMarch 2026
Added to HIBPJune 18, 2026
Data typesEmails, names, phone numbers, addresses

Data at Risk

Exposed records may include:

  • Corporate contact directories with direct-dial numbers
  • Email addresses for partners, clients, and staff
  • Physical addresses for social-engineering pretexting
  • Relationship metadata mapping advisory teams to client accounts

Advisory firms are frequent business email compromise targets because a single convincing spoof can redirect closing funds or confidential financial packages.

Illustration: financial advisory client contact records exposed from CRM breach

Independent Cybersecurity Audit

We ran an EmailMeNow Cybersecurity Audit of cfgi.com on July 5, 2026:

DomainOverallIdentityTransportWebsiteRisk
cfgi.com64%75%15%45%Above Average

Key findings:

  • 64% overall (Above Average) — better than many ShinyHunters victims, but still below the 100% ideal.
  • 75% Identity & Spoofing — relatively strong DMARC/SPF posture compared to peers in this wave.
  • 15% Transport Security — persistent MTA-STS/TLS-RPT gap shared across most victims in this campaign.
  • 45% Website Security — room to improve public-site transport headers.

Strong identity helps, but transport weaknesses still leave mail paths vulnerable to downgrade — and leaked CRM contacts fuel convincing phishing regardless of SPF scores.

Audit link: cfgi.com audit

Priority Actions


Sources: HIBP — CFGI · EmailMeNow audit — cfgi.com