Fedex (Partial) Breach

The incident is one of several breaches affecting Salesforce in 2025. A group calling itself "Scattered LAPSUS$ Hunters" released a limited sample of the stolen database on October 3, 2025. The records have since been indexed and anonymized in our search engine.

According to the attackers, the full dataset is scheduled for release on October 10, 2025.

Data found in hackers’ sample -

🧍 Personal Information

• Full name - ✅ Present
• Job title / department - ⛔ Empty
• Gender - ⛔ Empty
• Date of birth / age - ⛔ Empty
• Nationality / country of residence - ✅ Present

🪪 Identification Data

• Internal Salesforce record IDs - ✅ Present
• Customer / account IDs - ✅ Present
• Employee or user IDs - ✅ Present
• Tracking and case numbers - ✅ Present
• Passport or government ID - ⛔ Empty

📧 Contact Information

• Email addresses - ✅ Present (multiple customer and staff addresses)
• Phone numbers - ✅ Present (work phone and system contact fields)
• Street address - ✅ Present (company and customer addresses)
• City, state, postal code, country - ✅ Present
• Fax, alternate, and mobile numbers - ⛔ Mostly empty

🏢 Company / Business Information

• Company names - ✅ Present
• Business role or contact type (e.g., shipper, case owner) - ✅ Present
• Department or division - ⛔ Empty in most records

💬 Chat & Interaction Data

• Live chat transcript text - ✅ Present (short real-time conversation logs)
• Chat timestamps and duration - ✅ Present
• Browser, device, and IP address info - ✅ Present
• Location derived from IP - ✅ Present
• Visitor network name - ✅ Present
• Referrer URL and browser language - ✅ Present
• Chat agent and customer identifiers - ✅ Present

📨 Customer Support Case Data

• Case number and ID - ✅ Present
• Case subject and description - ✅ Present (included full email thread text)
• Customer and company contact info - ✅ Present
• Case category, language, and region - ✅ Present
• Account number and tracking number fields - ⛔ Empty
• Proof of delivery / survey flags - ⛔ Empty
• Case status and timestamps - ✅ Present
• Internal queue and SLA data - ✅ Present

💳 Account & Communication Preferences

• Opt-in / opt-out flags (email, SMS, phone) - ✅ Present
• HasOptedOutOfEmail - ✅ Present (false)
• DoNotCall settings - ✅ Present
• Preferred communication method - ✅ Present
• Other consent or survey flags - ⛔ Mostly empty

⚙️ System Metadata

• Record creation and modification timestamps - ✅ Present
• Creator and owner IDs - ✅ Present
• SystemModstamp and internal tracking fields - ✅ Present
• User account details (system usernames, company affiliations) - ✅ Present
• Login or activity timestamps - ✅ Present for chat and case logs
• Password or authentication data - ⛔ Empty

🔗 Cross-System and Integration Data

• Connected system IDs (LiveChat, Case, Account, Contact links) - ✅ Present
• Email domain and tracking relationships - ✅ Present
• External system references - ✅ Present (e.g., “Applied_eCAR”)
• Federation or partner identifiers - ⛔ Empty

⚖️ Privacy & Legal Fields

• Data rights or opt-out flags - ✅ Present
• Confidentiality disclaimers in email text - ✅ Present (inside case description)
• Legal/notice text from customer email - ✅ Present
• Government ID or sensitive personal docs - ⛔ Empty