Albertsons Breach

Oct 10, 2025

672,000 rows

Added on Oct 11, 2025

Data Found in the Breach

Phone Number

Name

Home Address

What happened in the Albertsons Breach?

DataBreach.com Team · October 10th 2025, 8:00 pm EDT

In early October 2025, Albertsons Companies, Inc., one of the nation’s largest grocery chains, appeared on the leak site of a group calling itself Scattered LAPSUS$ Hunters. The group alleged that it had exfiltrated data from Albertsons’ Salesforce environment, as part of a broader 2025 campaign targeting Salesforce-connected organizations.

On October 10, 2025, Scattered LAPSUS$ Hunters posted what it described as the complete Albertsons dataset, following a teaser leak shared a week earlier. Our independent parse identified 179,200 unique phone numbers, 141,800 unique email addresses, and 7,900 home addresses contained in the data. The archive bears structural traits consistent with Salesforce CRM exports, including internal identifiers and regional tags.

However, Albertsons has not confirmed any security incident, and the origin of the records-whether tied to customers, employees, or third-party marketing data-remains unverified.

Breach Unveiled

October 3, 2025: Scattered LAPSUS$ Hunters list Albertsons on their leak site and publish a limited preview.
October 10, 2025: The actor releases what it claims is the full archive, citing a Salesforce connection.

Status and Verification

At this stage, the Albertsons incident remains unconfirmed. While the dataset includes structured contact information typical of CRM exports, there is no official validation that the records originated from Albertsons systems or that they represent current data.

About the Threat Actor

Scattered LAPSUS$ Hunters surfaced in mid-2025, styling themselves as heirs to LAPSUS$ tactics against SaaS and identity systems. The group runs a public leak site with countdown timers and explicit ransom demands, pressuring organizations to pay or see their data published. While the campaign is extortion-driven and does not rely on encryption, it features overt ransom negotiations and deadlines-for example, a widely reported Oct. 10 deadline and subsequent data dumps.

Data found in breach

🧍 Personal Information (Contacts)

Full name - ✅ Present
Birthdate / age - ⛔ Empty
Gender - ⛔ Empty
Customer type - ✅ Present (“Customer”)

📧 Contact Information

Email address - ✅ Present
Mobile number - ✅ Present
Home or business phone - ✅ Present
Mailing address (street, city, state, ZIP, country) - ✅ Present
Alternate address (“OtherAddress”) - ✅ Present (country only)
Receive mail preference - ✅ Present (true)

💳 Customer / Loyalty Data

Club Card number - ✅ Present
Club Card status - ✅ Present (“Active”)
Enrollment date - ✅ Present
Enrollment method / procedure - ✅ Present (“Store”)
Loyalty level - ✅ Present (“Best” / “Good”)
Customer ID / GUID - ✅ Present
UCA Customer ID (unique CRM identifier) - ✅ Present
Preferred store and division - ✅ Present
Primary store ID - ✅ Present
Primary division - ✅ Present
Club Card organization ID - ✅ Present
Account age - ✅ Present (numeric value in seconds)
Marketing / offer preferences - ✅ Present (one “stop all marketing” flag set true on one record)
Online enrollment match - ✅ Present (true)