Instructure (Partial) Breach

The incident is one of several breaches affecting Salesforce in 2025. A group calling itself "Scattered LAPSUS$ Hunters" released a limited sample of the stolen database on October 3, 2025. The records have since been indexed and anonymized in our search engine.

According to the attackers, the full dataset is scheduled for release on October 10, 2025.

Data found in hackers’ sample -

🧍 Personal Information (Contact)

• Full name - ✅ Present
• Job title - ✅ Present (“Director, Bachelors Program”)
• Organization name - ✅ Present (“Westminster College”)
• Birthdate - ⛔ Empty
• Gender - ⛔ Empty

📧 Contact Information

• Email address - ✅ Present
• Phone number - ✅ Present
• Mailing address (street, city, state, ZIP, country) - ✅ Present
• Country - ✅ Present
• Alternate phone / email - ⛔ Empty

🏫 Organization / Institution Data (Account)

• Account name - ✅ Present (“Harrisburg Area Community College - Harrisburg”)
• Account type - ✅ Present (“HIED”)
• Industry - ✅ Present (“Higher Education”)
• Sub-type - ✅ Present (“2 Year Public”)
• Country - ✅ Present (“United States”)
• State / region - ✅ Present (“Pennsylvania”)
• Address (street, city, ZIP, latitude/longitude) - ✅ Present
• Organization type - ✅ Present (“Higher Ed”)
• Org classification - ✅ Present (“Community College”)
• Sector - ✅ Present (“Public”)
• Profit status - ✅ Present (“Non-Profit”)
• EIN (tax ID) - ✅ Present
• IPEDS / federal education identifiers - ✅ Present
• Institution size (FTE / employee count) - ✅ Present
• Relationship type - ✅ Present (“Client / Customer - Active”)

💬 Marketing & Communication Preferences

• Marketing opt-in flag - ✅ Present (true)
• GDPR opt-in flag - ✅ Present (true)
• Marketing consent timestamp - ✅ Present
• News, product updates, conferences, resources preferences - ✅ Present
• Email opt-out / call opt-out - ⛔ Empty

📊 Engagement & Customer Health Data

• Relationship score - ✅ Present (“Red”)
• Value score - ✅ Present (“Yellow”)
• Experience score - ✅ Present (“Green”)
• Gainsight customer health score - ✅ Present (numeric + date)
• Customer success manager / account executive - ✅ Present
• Active contacts & engagement levels - ✅ Present
• Web engagement metrics (visits, minutes, people) - ✅ Present
• Product NPS update - ✅ Present
• Relationship last updated - ✅ Present (July 2025)

🧩 CRM & Sales Intelligence Fields

• Account IDs & record IDs - ✅ Present
• Record type IDs - ✅ Present
• Owner IDs - ✅ Present
• Created / modified dates - ✅ Present
• SystemModstamp - ✅ Present
• Primary LMS (previous/current) - ✅ Present (e.g., “Blackboard 8,” “D2L”)
• Contracted ARR / Serviced ARR - ✅ Present
• Renewal model & pricing method - ✅ Present
• Customer success region - ✅ Present
• Territory, market, and segment codes - ✅ Present
• Product targeted - ✅ Present (“Canvas”)
• Relationship stage - ✅ Present (“Engaged Demand”)
• Propensity to buy - ✅ Present (numeric 1.0)
• Ideal customer profile - ✅ Present
• Active subscription details - ✅ Present
• Case routing / support level - ✅ Present
• Tech stack integrations (Marketo, Gainsight, NetSuite) - ✅ Present
• Salesforce integration links (Gainsight, Marketo, etc.) - ✅ Present

⚙️ System Metadata

• Owner / creator IDs - ✅ Present
• Photo URLs - ✅ Present
• Record timestamps (created, modified, activity) - ✅ Present
• System flags (IsDeleted, IsPriorityRecord) - ✅ Present
• Territory & region fields - ✅ Present
• Pushed-to-NetSuite date - ✅ Present
• Migration / enrichment timestamps - ✅ Present