SYS::ONLINE
Wasteland.
Briefs1204
Issues19
SinceFeb 2026
LIVE
▣ Breach INTER-CON-SECURITY 2026-07-14

Inter-Con Security Systems: ShinyHunters Data Breach

"Inter-Con Security Systems, a Pasadena, California-based multinational private security firm, is under legal investigation after the cybercriminal group ShinyHunters claimed to have breached its systems and stolen…"

Inter-Con Security Systems, a Pasadena, California-based multinational private security firm, is under legal investigation after the cybercriminal group ShinyHunters claimed to have breached its systems and stolen roughly 2.7 million records. The exposed data covers current and former employees, security personnel, and clients affiliated with the company. As of this writing, Inter-Con has not publicly confirmed the incident or notified affected individuals, and the law firm Schubert Jonckheer & Kolbe LLP has opened an investigation into the breach.

What Happened

On June 19, 2026, ShinyHunters, a threat actor with a long track record of high-volume data theft and extortion, publicly claimed responsibility for breaching Inter-Con Security Systems and alleged the theft of approximately 2.7 million records. The claim surfaced through the actor's typical channels, where stolen datasets are advertised, teased, or offered for sale as leverage against the victim.

Inter-Con provides armed and unarmed security officers, risk management, protective services, executive protection, and security consulting to government, corporate, and critical infrastructure clients worldwide. That client base makes any confirmed compromise of its internal data significant well beyond the company itself.

Nearly a month after the actor's claim, Inter-Con has not confirmed the incident or notified affected individuals. That silence prompted Schubert Jonckheer & Kolbe LLP to announce an investigation on July 13, 2026, warning that the delay may violate federal or state data breach notification laws.

What Was Taken

According to the investigation, the data potentially compromised in the breach includes personally identifiable information (PII) belonging to current and former employees, security personnel, and clients, as well as internal corporate data.

The scale is substantial: roughly 2.7 million records. For a private security company, the sensitivity is compounded by the nature of the workforce. Security personnel records can include home addresses, government identifiers, licensing details, and assignment information tied to sensitive client sites. Internal corporate data may expose operational details about protective services and critical infrastructure engagements.

Individuals whose information was exposed face elevated risk of identity theft, fraud, and targeted social engineering.

Why It Matters

Inter-Con guards government facilities, corporate campuses, and critical infrastructure. A breach of the personnel and operational data behind that mission is not an ordinary consumer data incident. Exposed rosters, site assignments, and executive protection details could give adversaries a map of who protects what, and where.

ShinyHunters is a financially motivated actor known for large-scale data theft and extortion campaigns targeting corporate victims. When such a group claims a breach and the victim stays quiet, downstream victims are left without the warning they need to protect themselves.

The apparent gap between the June 19 claim and any public acknowledgment also carries legal weight. Data breach notification laws at both the federal and state levels impose timelines on disclosure, and prolonged silence can convert a security failure into a regulatory and civil liability problem.

The Attack Technique

The specific intrusion vector has not been disclosed. Inter-Con has not confirmed the breach, and no technical root-cause analysis has been made public.

ShinyHunters has historically favored credential-based access, exploitation of exposed cloud storage and databases, and compromise of third-party services and developer platforms to exfiltrate large datasets. The group typically extracts data quietly, then surfaces publicly to pressure the victim into payment. Absent confirmation from Inter-Con, attribution of the entry method remains unverified and based on the actor's known patterns rather than confirmed forensics.

What Organizations Should Do

Sources: PRIVACY ALERT: Inter-Con Security Systems, Inc. Under Investigation for Data Breach Affecting Approximately 2.7 Million Records