Cisco (Partial) Breach

The incident is one of several breaches affecting Salesforce in 2025. A group calling itself "Scattered LAPSUS$ Hunters" released a limited sample of the stolen database on October 3, 2025. The records have since been indexed and anonymized in our search engine.

According to the attackers, the full dataset is scheduled for release on October 10, 2025.

Data found in hackers’ sample - Cisco Systems (Customer & Employee records)

🧍 Personal Information (Contact)

• Full name - ✅ Present
• Title / department - ⛔ Empty
• Birthdate - ⛔ Empty
• Gender - ⛔ Empty
• Middle name / suffix - ⛔ Empty

📧 Contact Information (Customer)

• Email address - ⛔ Empty
• Phone number - ⛔ Empty
• Mobile phone - ⛔ Empty
• Mailing address (street, city, state, ZIP, country) - ✅ Present
• Alternate phone numbers - ⛔ Empty
• Fax - ⛔ Empty

🏢 Account / Company Information

• Account name - ✅ Present (“Test CSOne Customer”)
• Account ID - ✅ Present
• Account type - ✅ Present (“Customer Account”)
• Industry - ⛔ Empty
• Revenue / employees - ⛔ Empty
• Ownership / ticker symbol - ⛔ Empty
• Active flag - ✅ Present (“Active”)
• Partner / portal flags - ✅ Present (IsCustomerPortal: true, IsPartner: false)

💬 Customer Experience / Service Data

• CSAT and survey fields - ✅ Present (all showing 0.0 or “N/A”)
• Complexity counts / averages - ✅ Present (0.0, “N/A”)
• Hot issues count - ✅ Present (0.0)
• Survey opt-out flag - ✅ Present (false)
• Sync flag - ✅ Present (false)
• Opt-out reason - ⛔ Empty

👩‍💻 Employee / User Information

• Username - ✅ Present
• Full name - ✅ Present
• Email - ✅ Present
• Company name - ✅ Present (“Cisco Conference Room Pilot Org”)
• Role / job title - ⛔ Empty
• Workgroup and manager info - ✅ Present (manager name and workgroup ID)
• Alias and community nickname - ✅ Present
• Department / division - ⛔ Empty
• Time zone / locale - ✅ Present
• Language - ✅ Present (“en_US”)
• Last login date - ✅ Present
• Created / modified timestamps - ✅ Present
• SystemModstamp - ✅ Present
• Employee number / worker ID - ⛔ Empty

⚙️ System & CRM Metadata

• Record creation / modification dates - ✅ Present
• Account owner / creator IDs - ✅ Present
• SystemModstamp - ✅ Present
• Record type IDs - ✅ Present
• Photo URLs - ✅ Present
• IsDeleted flag - ✅ Present (false)
• Privacy hold flag - ✅ Present (false)
• Currency - ✅ Present (“USD”)