Nexstar Media Group is investigating a potential cybersecurity incident after the ShinyHunters extortion group claimed to have stolen more than one million Salesforce records and additional internal corporate data from the broadcasting giant.
While the threat actors have not publicly leaked any data yet, they have published claims on their extortion portal and shared samples with CyberInsider that appear to contain employee and business information.
The threat actor listed “Nexstar.tv” on its extortion site on June 11, 2026, alleging the compromise of “over 1 million Salesforce records and other internal corporate data containing PII.” The posting described itself as a “final warning” and gave the company until June 14, 2026, to make contact before the data is released.
According to information the attackers shared with CyberInsider, the intrusion occurred on June 6, 2026. To support their claims, the group provided screenshots and data samples that appear to originate from Salesforce exports and internal corporate repositories.
These appear to show 1.1 million account entries with contact records and user databases. There is also employee-related data, including names, email addresses, job titles, office locations, and organizational details associated with Nexstar personnel. The threat actor claimed access to more than 6,300 SharePoint files and approximately 31 GB of internal data. It's important to note, however, that these claims have not been verified yet.
CyberInsider
Nexstar Media Group is one of the largest television broadcasting companies in the United States, operating nearly 200 television stations across numerous markets. The company owns and manages a wide range of local news operations and national media assets, including NewsNation and The CW Network.
Responding to our request for a comment on the threat actor’s allegations, Nexstar provided CyberInsider with the following statement:
“Nexstar is aware of reports of a potential IT security incident and is looking into it. There is no disruption to our operations.” – Nexstar spokesperson
The company has not confirmed that a breach occurred, and the allegedly stolen data has not yet been released.
ShinyHunters is a notorious cybercrime group linked to numerous high-profile data theft and extortion campaigns targeting organizations worldwide. The group typically pressures victims into negotiations by publishing breach claims and releasing samples of stolen data before conducting a full data leak.
At the time of writing, the authenticity and scope of the alleged Nexstar breach have not been independently verified.
Leave a Reply