Puma (Partial) Breach

The incident is one of several breaches affecting Salesforce in 2025. A group calling itself "Scattered LAPSUS$ Hunters" released a limited sample of the stolen database on October 3, 2025. The records have since been indexed and anonymized in our search engine.

According to the attackers, the full dataset is scheduled for release on October 10, 2025.

Data found in hackers’ sample -

🧍 Personal Information

• Full name - ✅ Present (“Samya Atra”)
• First name - ✅ Present
• Last name - ✅ Present
• Gender - ⛔ Empty
• Birthdate - ⛔ Empty
• Title / salutation - ⛔ Empty
• Department - ⛔ Empty

📧 Contact Information

• Primary email - ✅ Present
• Secondary email - ⛔ Empty
• Mobile phone - ⛔ Empty
• Home phone - ⛔ Empty
• Primary phone - ✅ Present
• Fax number - ⛔ Empty

🏠 Address / Location Data

• Billing address - ✅ Present (street, city, state, ZIP, country)
• Shipping address - ✅ Present (same as billing)
• Mailing address - ✅ Present (same as billing)
• Latitude / longitude - ⛔ Empty
• Country - ✅ Present (“USA”)

💳 Account & Business Data

• Brand affiliation name - ✅ Present (“Cost Plus World Market”)
• Partner affiliation - ⛔ Empty
• Industry - ⛔ Empty
• Account name - ✅ Present (“Cost Plus World Market”)
• Account type - ⛔ Empty
• Annual revenue - ⛔ Empty
• Number of employees - ⛔ Empty
• Partner flag - ⛔ Empty
• Brand code - ⛔ Empty

💬 Marketing & Communication

• Source system - ✅ Present (“Puma”)
• Support email - ⛔ Empty
• Spam flag - ✅ Present (false)
• Spotlight tracking fields - ⛔ Empty (fields exist but blank)
• Do-not-reply flag - ✅ Present (false)

⚙️ System Metadata

• Record created date - ✅ Present (2019-09-28T21:25:20.000Z)
• Last modified date - ✅ Present (2025-02-09T00:20:33.000Z)
• SystemModstamp - ✅ Present (2025-02-09T00:20:33.000Z)
• Record type - ✅ Present (PersonAccount)
• Account / record IDs - ✅ Present
• Owner / creator IDs - ⛔ Empty
• IsDeleted flag - ✅ Present (false)