HMH (Partial) Breach

The incident is one of several breaches affecting Salesforce in 2025. A group calling itself "Scattered LAPSUS$ Hunters" released a limited sample of the stolen database on October 3, 2025. The records have since been indexed and anonymized in our search engine.

According to the attackers, the full dataset is scheduled for release on October 10, 2025.

Data found in hackers’ sample -

🧍 Personal Information

• Full name - ✅ Present
• Account type (“Prospect”) - ✅ Present
• Division / department - ✅ Present
• Customer class - ✅ Present (“Individual / Consumer”)
• Grade range - ✅ Present (“-”)
• School type - ✅ Present (“Other”)
• Gender - ⛔ Empty
• Birthdate - ⛔ Empty

📧 Contact Information

• Email address - ✅ Present
• Phone number - ✅ Present
• Mailing / billing address - ✅ Present (street, city, state, ZIP, country)
• Shipping address - ✅ Present (street, city, state, ZIP, country)
• County - ✅ Present (“ST. CROIX”)
• Latitude / longitude - ✅ Present (geocoded address)

🏢 Account / Organization Information

• Account ID - ✅ Present
• Account name - ✅ Present
• Account type - ✅ Present (“Consumer”)
• Account group - ✅ Present (“Z001”)
• Account status - ✅ Present (“Active Lead”)
• Account division - ✅ Present (“SCH”)
• Account region - ✅ Present (“NAM”)
• District / parent district name - ✅ Present
• District ID and PID - ✅ Present
• District account roll-up name and source IDs - ✅ Present
• Strategic account flag - ✅ Present (false)
• Territory and region codes - ✅ Present (Eloqua 999999, SAOT region OT)
• SAP customer number - ✅ Present
• Legacy source ID - ✅ Present
• Customer source / data source - ✅ Present (“SAP”)

💬 Marketing & Communication

• Telemarketing contact flags (elementary, secondary, district) - ✅ Present (“No”)
• Heinemann tier description - ✅ Present (“Other”)
• HMH Insights support field - ✅ Present (“HMH Insights”)
• Manage contact URL - ✅ Present (Salesforce portal link)
• Data quality description - ✅ Present (“Missing: Industry, Rating”)
• Marketing or Eloqua territory field - ✅ Present (“999999”)

💳 System & Operational Fields

• Internal account ID (SAP and Salesforce IDs) - ✅ Present
• Credit and shipping terms - ✅ Present (“Credit By: Ship To”, “FOB: Shipping Point”)
• Service group - ✅ Present (“P3”)
• Service priority - ✅ Present (“Standard”)
• Office / front or back office fields - ✅ Present (with embedded image markup)
• Import test / placeholder - ✅ Present
• Industry check - ✅ Present (“No”)
• Account region and country - ✅ Present (“NAM”, “USA”)
• SkillsTutor / Heinemann fields - ✅ Present
• User reporting filter (numeric flag) - ✅ Present (1.0)
• Account count - ✅ Present (1.0)

⚙️ System Metadata

• Created date / by - ✅ Present
• Last modified date / by - ✅ Present
• SystemModstamp - ✅ Present
• RecordTypeId - ✅ Present
• OwnerId - ✅ Present
• Photo URL - ✅ Present
• Division (internal Salesforce code) - ✅ Present
• Account ID (Full 18-character) - ✅ Present
• Experian QAS update timestamp - ✅ Present
• Flags like “MDTPenabled”, “K_12_AE_Validate” - ✅ Present