Carmax (Partial) Breach
Oct 10, 2025
451,994 rows
Added on Oct 3, 2025
What happened in the Carmax (Partial) Breach?
DataBreach.com Team Β· October 2nd 2025, 8:00 pm EDT
The incident is one of several breaches affecting Salesforce in 2025. A group calling itself "Scattered LAPSUS$ Hunters" released a limited sample of the stolen database on October 3, 2025. The records have since been indexed and anonymized in our search engine.
According to the attackers, the full dataset is scheduled for release on October 10, 2025.
Data found in hackersβ sample - CarMax customer record
π§ Personal Information
- Full name - β Present
- First name - β Present
- Last name - β Present
- Middle name - β Present
- Birthdate - β Present
- Gender - β Empty
- Age - β Empty
π§ Contact Information
- Primary email - β Present
- Mobile phone number - β Present
- Home phone number - β Present
- Other phone number - β Present
- Fax number - β Present
- Do-not-call flags (home, mobile, other) - β Present (all true)
- Do-not-email / do-not-fax flags - β Present (true)
- Text reminder consent flag - β Present (false)
- Ready-to-talk text flag - β Present (false)
π Address / Location Data
- Mailing street, city, state, ZIP, country - β Present
- Other address (duplicate fields) - β Present
- Shipping address - β Present (country only)
- Latitude / longitude - β Empty
- Billing address - β Present
- State & country codes - β Present
π¬ Account & CRM Data
- Account source - β Present (βWebβ)
- Lead source - β Present (βWebβ)
- Record type - β Present
- Account creation / modification dates - β Present
- SystemModstamp - β Present
- CRM customer ID - β
Present (
My_KMX_Id) - Account / record flags (IsPersonAccount, IsPartner, etc.) - β Present
- Customer risk formula - β Present (true)
- Description / lead type - β Present (βReassignment Leadβ)
- Priority record flag - β Present (false)
π³ Communication & Marketing
- Auto text reminder consent date - β Present
- Automated reminder opt-out - β Present (true)
- Email opt-out - β Present (true)
- Fax opt-out - β Present (true)
- SMS / mobile opt-in - β Empty
βοΈ System Metadata
- Created date - β Present
- Last modified date - β Present
- Last activity date - β Present
- Owner / created by IDs - β Empty (not included in snippet)
- SystemModstamp - β Present
- Photo URL - β Empty
Recent News
Ho-ly G*t: TeamPCP Claims Theft of Thousands of GitHub Internal Repositories
a month ago
17M Nissan cars impacted by large ransomware attack
3 months ago
Iranian hackers just used Strykerβs own security tools to delete itself
4 months ago
Massive Odido cyberattack leaks customer IBANs and government IDs
4 months ago
Figure breach proves blockchain cannot save us from human error
4 months ago
Substack notifies users of data breach affecting nearly 700,000 accounts
5 months ago
UPenn claims "Under 10" victims in 1.2M breach involving donors like Trump and Musk
5 months ago
How 0apt is Using Random Noise to Fake a Ransomware Empire
5 months ago
Hackers Are Now Using Global-e Data to Target Ledger Owners at Their Home Addresses
6 months ago
Meta Denies Instagram Breach After Password Reset Panic
6 months ago
Why the 2.3 Million Wired Record Breach Is a Nightmare for CondΓ© Nast
6 months ago