UPS (Partial) Breach

The incident is one of several breaches affecting Salesforce in 2025. A group calling itself "Scattered LAPSUS$ Hunters" released a limited sample of the stolen database on October 3, 2025. The records have since been indexed and anonymized in our search engine.

According to the attackers, the full dataset is scheduled for release on October 10, 2025.

Data found in hackers’ sample -

🧍 Personal Information

• Full name - ✅ Present
• Email address - ✅ Present
• Phone number - ✅ Present
• Mailing address (street, city, state, ZIP, country) - ✅ Present
• Latitude / longitude - ✅ Present (in shipping address)
• Gender - ⛔ Empty
• Date of birth / age - ⛔ Empty
• Nationality / country of residence - ✅ Present (U.S. and Argentina)

🏢 Company / Business Information

• Account / company name - ✅ Present
• Industry - ✅ Present (“Not Available”)
• Website - ⛔ Empty (field exists in UPS account structure but none listed)
• Billing and shipping addresses - ✅ Present (Chicago, Illinois, U.S.)
• Account number - ✅ Present (UPS internal numeric ID)
• Business unit / division / region - ✅ Present (“US,” “Argentina,” “AMERICAS”)
• Department / title - ✅ Present (e.g., “Invoice Collector”)
• District / operating center - ✅ Present (“District 46,” “Argentina”)
• Customer segment - ✅ Present (“D4-Platform and Indirect”)
• Type of account - ✅ Present (“On Call Air,” “Customer”)

🪪 Identification Data

• Internal Salesforce IDs (Account, Contact, User) - ✅ Present
• Record type IDs - ✅ Present
• Account / customer number - ✅ Present
• Operating service center ID - ✅ Present
• Manager and owner IDs - ✅ Present
• External / government IDs - ⛔ Empty

📧 Contact Information

• Customer email - ✅ Present
• Employee email - ✅ Present
• Phone numbers (mobile, office) - ✅ Present
• Alternate phone numbers - ⛔ Empty
• Fax - ⛔ Empty

💬 Marketing & Communication Preferences

• Opt-out of email / fax / direct mail - ✅ Present (false across all)
• Promotional and newsletter preferences - ✅ Present (false)
• Service updates and regulatory change notifications - ✅ Present (false)
• Customer service contact flags - ✅ Present
• “Remove me from email communications” flag - ✅ Present (false)
• Email autoresponse preferences - ✅ Present (false)

⚙️ System Metadata

• Record creation and modification timestamps - ✅ Present
• Created by / last modified user IDs - ✅ Present
• SystemModstamp / sync timestamps - ✅ Present
• Currency codes - ✅ Present (“USD”)
• Owner and manager info - ✅ Present
• IsDeleted, IsPriorityRecord flags - ✅ Present (false)
• User locale, language, and timezone - ✅ Present
• Photo URLs and banner images - ✅ Present
• User role and profile - ✅ Present
• Login history - ✅ Present (dates and IDs)

👩‍💼 Employee / User Data

• Employee name - ✅ Present
• Username and alias - ✅ Present
• Title - ✅ Present (“Invoice Collector”)
• Region and district - ✅ Present
• Department / reporting manager - ✅ Present
• Active / inactive status - ✅ Present (inactive in this sample)
• Time zone, locale, language - ✅ Present
• Last login date - ✅ Present
• Email encoding and notification preferences - ✅ Present
• Partner / portal status - ✅ Present (false)

⚖️ Privacy & Legal Fields

• Opt-out and consent flags - ✅ Present (all false)
• Do-not-call and do-not-mail flags - ✅ Present (false)
• Marketing opt-ins - ✅ Present (false)
• No SSNs, payment data, or sensitive identifiers - ⛔ Empty