Vishing, or voice phishing, is a type of social engineering attack where attackers impersonate legitimate entities over the phone to trick individuals into revealing sensitive information.

Ransomware is a type of malicious software that encrypts a victim's files, making them inaccessible until a ransom is paid to the attacker.

What is personally identifiable information (PII)?

Personally identifiable information (PII) refers to any data that can be used to identify an individual, such as names, addresses, phone numbers, and social security numbers.

A data breach is an incident where unauthorized individuals gain access to sensitive, protected, or confidential data, often leading to identity theft or financial loss.

What is social engineering?

Social engineering is a manipulation technique that exploits human psychology to gain confidential information, often used in cyber attacks.

Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Headlines > Almost 1 billion Salesforce records stolen, hacker group claims

Headlines

Almost 1 billion Salesforce records stolen, hacker group claims

Published by Global Banking & Finance Review®

Posted on October 3, 2025

2 min read

Last updated: January 21, 2026

Almost 1 billion Salesforce records stolen, hacker group claims - Headlines news and analysis from Global Banking & Finance Review

Hacker Group Claims Theft of Nearly 1 Billion Salesforce Records

LONDON (Reuters) -Cybercriminals connected to a recent string of ransomware attacks on major British retailers said on Friday they had stolen almost 1 billion records from cloud technology giant Salesforce by focusing on companies that use its software.

A group calling itself "Scattered LAPSUS$ Hunters" told Reuters it had obtained the Salesforce records, and said they contain personally identifiable information. The group also claimed responsibility for the hacks of Marks & Spencer, Co-op and Jaguar Land Rover earlier this year.

Reuters was not able to verify the group’s claims. Salesforce said its systems were not hacked.

"At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology," a Salesforce spokesperson said.

One of the hackers, who identified themselves as Shiny, told Reuters in an email they did not directly hack Salesforce, but targeted Salesforce customers using "vishing," or voice phishing, a form of social engineering attack in which hackers impersonate employees to IT help desks over the phone.

Scattered LAPSUS$ Hunters published a leak site on the darkweb on Friday which listed around 40 other companies it said it had hacked. It was not clear if those companies were Salesforce clients. Both the hackers and Salesforce declined to say if they were negotiating a ransom.

In June, security researchers at Google's Threat Intelligence Group said the group, which it tracks as "UNC6040," had “proven particularly effective at tricking employees” into installing a modified version of Salesforce’s Data Loader, a proprietary tool used to bulk import data into Salesforce environments.

Technical infrastructure tied to the hacking campaign shares characteristics with suspected ties to the broader and loosely organised ecosystem known as “The Com,” which is known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the Google researchers said.

In July, British police arrested four people under 21 as part of a police investigation into cyberattacks that disrupted operations at UK retailers.

(Reporting by James Pearson; Editing by Sergio Non and Diane Craft)

Almost 1 billion Salesforce records stolen, hacker group claims

Quick Summary

Hacker Group Claims Theft of Nearly 1 Billion Salesforce Records

Key Takeaways

Frequently Asked Questions about Almost 1 billion Salesforce records stolen, hacker group claims