Yes — Moody Bible Institute (moody.edu) was breached. The Chicago-based Christian college and ministry organization now appears on Have I Been Pwned with 2,303,416 accounts tied to a June 2026 incident in which ShinyHunters ran a “pay or leak” extortion campaign.
HIBP added the breach on July 3, 2026. Published data includes names, dates of birth, genders, marital statuses, phone numbers, and physical and email addresses for donors, supporters, students, and alumni — according to The Register and Cybersecurity News.
In a June 22, 2026 statement, Moody Bible Institute confirmed it was among several colleges targeted in June, implemented security protocols, engaged external forensic experts, and notified law enforcement. ShinyHunters published the stolen cache on June 23, 2026 after extortion demands were not met.
We scanned moody.edu and moodybible.org to assess email and domain security posture relevant to this leak.
What Happened
According to Have I Been Pwned, Moody’s disclosure, and threat-intelligence reporting:
- June 2026 — ShinyHunters targeted Moody Bible Institute in a pay-or-leak extortion campaign.
- June 22, 2026 — Moody published an investigation update; IT teams addressed a vulnerability and engaged forensic experts.
- June 23, 2026 — ShinyHunters published stolen data publicly after negotiations failed.
- July 3, 2026 — HIBP indexed 2.3M+ unique email addresses and associated PII.
Reporting from The Register notes ShinyHunters cited an Oracle PeopleSoft angle in the MBI attack — consistent with the group’s broader 2026 higher-education campaign against campus ERP and donor systems.

Breach Impact at a Glance
| Field | Detail |
|---|---|
| Victim | Moody Bible Institute (moody.edu) |
| Sector | Christian higher education / ministry |
| Threat actor | ShinyHunters |
| Accounts affected | 2,303,416 |
| Breach period | June 2026 |
| Added to HIBP | July 3, 2026 |
| Populations exposed | Students, alumni, donors, supporters |
| Alleged source | Internal systems / PeopleSoft (reported) |
Data at Risk
Exposed records may include:
- Full names and email addresses
- Physical addresses and phone numbers
- Dates of birth, genders, and marital statuses
- Donor relations documents and supporter records
Because the leak maps donor and alumni contact graphs, affected individuals face elevated phishing, gift-card fraud, and impersonation of ministry staff — not just routine spam.

What Moody Has Said
Moody’s June 22 notice states the investigation remains ongoing and that the institute will notify affected individuals directly if additional protective measures are warranted under breach-notification laws. Until then, Moody advises affiliates to:
- Review financial and online account statements for suspicious activity
- Use credit freezes and fraud alerts
- Maintain strong, unique passwords on online accounts
Independent Cybersecurity Audit
We ran an EmailMeNow Cybersecurity Audit on July 7, 2026:
| Domain | Overall | Identity | Transport | Website | Risk |
|---|---|---|---|---|---|
| moody.edu | 64% | 75% | 15% | 45% | Above Average |
| moodybible.org | 64% | 75% | 15% | 45% | Above Average |
Key findings:
- 64% overall (Above Average) — better than many breached colleges, but still below the 100% ideal for an institution holding donor PII and student records.
- 75% Identity & Spoofing — partial-to-strong DMARC posture helps block some spoofed
@moody.edumessages during an active leak window. - 15% Transport Security — no effective MTA-STS enforcement or TLS-RPT on either domain.
- 45% Website Security — public web hardening lags email identity scores.
- 100% Email Infrastructure — both domains route through Microsoft 365 / Exchange.

Stronger identity scores than some ShinyHunters victims do not undo a 2.3M-record leak — but weak 15% transport still leaves room for downgrade attacks on breach-notification email.
Audit links:
Priority Actions
If you are a Moody student, alumnus, donor, or supporter:
- Check Have I Been Pwned for exposure.
- Be skeptical of urgent donation, tuition, or “ministry update” emails — verify through moody.edu directly.
- Place fraud alerts or credit freezes via IdentityTheft.gov.
For colleges and faith-based nonprofits:
- Audit PeopleSoft / ERP exposure and donor-database access — ShinyHunters has targeted campus systems repeatedly in 2026.
- Deploy DMARC
p=rejectand MTA-STSmode=enforceto reach the 100% ideal on both identity and transport. - Segment donor CRM from general faculty email; monitor bulk exports.
Related Trackers
- Have I Been Pwned 2026 tracker
- Government & education breaches
- Infinite Campus / ShinyHunters (Jun 2026)
- Berkadia / ShinyHunters (Jul 2026)
- Ransomware threat landscape
- Breach monitoring guide
Protect donor, alumni, and student correspondence.
Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for DMARC enforcement, MTA-STS deployment, and incident response planning.
Sources: HIBP — Moody Bible Institute · Moody — data incident investigation · The Register — ShinyHunters leak · Cybersecurity News — Moody breach · EmailMeNow audit — moody.edu