Ikea (Partial) Breach

The incident is one of several breaches affecting Salesforce in 2025. A group calling itself "Scattered LAPSUS$ Hunters" released a limited sample of the stolen database on October 3, 2025. The records have since been indexed and anonymized in our search engine.

According to the attackers, the full dataset is scheduled for release on October 10, 2025.

Data found in hackers’ sample - IKEA customer records

🧍 Personal Information

• Full name - ✅ Present
• Loyalty / membership number - ✅ Present
• Profile type - ✅ Present (“Family”)
• Social Security number - ⛔ Empty (field exists but never populated)
• Date of birth - ⛔ Empty
• Gender - ⛔ Empty

📧 Contact Information

• Email address - ✅ Present
• Mobile phone number - ✅ Present
• Secondary / home phone number - ⛔ Empty
• City - ✅ Present
• Postal code - ✅ Present
• Country - ✅ Present (implied U.S.)
• Mailing / physical address - ⛔ Empty

💳 Account & CRM Data

• Loyalty account number - ✅ Present
• Party UID (unique customer identifier) - ✅ Present
• CIF account references - ✅ Present (multiple linked systems: IRW, CIAM, IMC, ODBUS)
• Subscription status - ✅ Present (“Y”)
• External IDs - ✅ Present
• Account linkage across systems - ✅ Present
• Risk / consent / preference flags - ⛔ Empty

💬 Marketing & Communication

• Opt-in / subscription flags - ✅ Present
• Marketing preferences - ⛔ Empty
• Advertising or segmentation data - ⛔ Empty

⚙️ System Metadata

• Created / updated timestamps - ⛔ Empty
• System identifiers (account, external IDs, linked systems) - ✅ Present
• Internal party associations - ✅ Present