Massive Data Breach Affects 39 Companies Due to Salesforce Vulnerability
On October 3, 2025, Hackread.com reported a significant cybersecurity incident involving the theft of 989 million records from 39 notable companies globally. This breach was reportedly executed by a hacker group exploiting a vulnerability in Salesforce. The group, identifying as “Scattered Lapsus$ Hunters,” demanded negotiations with Salesforce and the affected organizations by October 10, 2025, threatening to release the stolen data if their demands went unheeded.
Among the companies affected, six have had their data made public, including Fujifilm, GAP, Inc., Vietnam Airlines, Engie Resources, Qantas Airways Limited, and Albertsons Companies, Inc. The released datasets reportedly contain extensive personal information such as names, email addresses, physical addresses, and sensitive identification numbers. This level of exposure poses serious risks not only to individual privacy but also to the operational integrity of these businesses.
Qantas Airways Limited’s leaked dataset is particularly alarming, comprising 153 GB of data in JSON files and containing over five million records. It combines personally identifiable information with internal loyalty program data, raising significant concerns about both customer security and company liability.
Similarly, Vietnam Airlines’ leaked information amounts to 63.62 GB, with over 23 million records made public. This dataset, too, contains sensitive data elements such as frequent flyer numbers and personal identification details. The scale of these leaks aligns with larger trends seen in recent breaches, emphasizing the vulnerability of major corporations to sophisticated cyberattacks.
Even smaller companies, such as Albertsons, whose breach totaled 2 GB and contained 672,000 records, underscore that no entity is too small to be targeted. Other companies, including GAP, Inc. and Fujifilm, also experienced breaches of 1 GB and 155 MB, respectively, further illustrating the widespread impact of this attack.
The Salesforce vulnerability exploited in these incidents is indicative of broader issues within third-party data management practices. The security flaws in such platforms have raised critical questions about the adequacy of existing defenses. Within the MITRE ATT&CK framework, techniques such as initial access through exploitation of public-facing applications, as well as data exfiltration tactics, could provide insight into the methodologies employed by the attackers.
In a statement released on Telegram, the hackers claimed that no further leaks would occur, leaving the future of any unreleased data in limbo. However, the already exposed information will likely have extensive repercussions, potentially leading to identity theft and significant reputational damage for the involved companies.
The aftermath of this unprecedented breach requires organizations to reassess their cybersecurity protocols and consider the risks associated with third-party data handling. With the threat landscape evolving rapidly, businesses must remain vigilant in their efforts to protect sensitive information and ensure robust defenses against future attacks.