| 2025-10-03 |
1-800Accountant |
|
|
| 2025-10-03 |
IKEA |
Over 14M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 14761683 ikea.txt
We possess:
- Full Name
- Email Address
- Phone Number
- City / Zip Code
- IKEA metadata (loyalty number, etc)
|
Screen |
| 2025-10-03 |
Chanel |
Over 1M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 1106976 chanel.jsonl
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses
|
Screen |
| 2025-10-03 |
TransUnion |
Over 13M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 13107653 tu_new_account_1753816229.402118.jsonl
- 139137 tu_new_contact_1753816407.5243459.jsonl
- 197893 trans_livechattranscript_1753730517.658049.jsonl
- 96 trans_table_list_1753729564.264813.jsonl
- 4544 trans_user_1753729517.170741.jsonl
We possess:
- Full Name
- Email Address
- Phone Numbers
- Residence Addresses
- Date of Birth
- Social Security Number
- Live Chat Transcript (Communications between customer and support agent)
- Employee Information |
Screen |
| 2025-10-03 |
Pandora.net |
Over 34M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 8904824 pandora_accounts.csv
- 25382083 pandora_contacts.csv
We possess:
- Full Name
- Email Address
- Phone Numbers
- Residence Addresses |
Screen |
| 2025-10-03 |
Cisco |
Over 1.4M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 1440000 cisco_account_1753284210.9682112.jsonl
- 696500 cisco_contact_1753284238.979494.jsonl
- 182289 cisco_user_1753284263.0331383.jsonl
We possess:
- Email addresses
- Full Names
- Employee Information/data
- Phone numbers |
Screen |
| 2025-10-03 |
Google Adsense |
Over 2.5M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 2550800 GAds_account_1751304142.7605689.jsonl
- 18200 googleads_account_1751303954.7664676.jsonl.bak
- 18649 User-6_30_2025.csv
We possess:
- Employee information – usernames, LDAP formulas, hidden rep names, direct phone & mobile numbers, office addresses and employee-number fields.
- Publisher business profiles – company/legal name, website URL, street / city / state / postal / country address, phone & fax, employee count, NAICS/D-U-N-S identifiers and internal sales-status notes.
- Contact & credential data – account IDs, owner/user IDs, e-mail addresses, AdWords/AdSense customer IDs and prospect-qualification metadata.
- Commercial metrics – historical Google-ad spend, average deal size, revenue figures, number of campaigns and growth-potential scores. |
|
| 2025-10-03 |
Air France-KLM |
Over 12.3M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 12305429 afkl_account_1753838198.022474.jsonl
- 12428214 afkl_contact_1753838219.8312433.jsonl
- 7513673 afkl_emailmessage_logs__c_1753839265.6152027.jsonl
- 3930954 afkl_flight_information__c_1753839222.3195446.jsonl
- 2587021 afkl_livechatvisitor_1753839297.043767.jsonl
- 150 afkl_table_list_1753838242.8449106.jsonl
- 18588 afkl_user_1753838265.6071687.jsonl
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses
- Flying Blue Number
- Country of Residence
- Employee Information
- Flight Information
- Internal Emails content
- Live Chat messsages between employee and customer |
Screen |
| 2025-10-03 |
Saksfifth |
Over 1.1M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 1168531 saks.txt
We possess:
- Full Name
- Email Address
- Phone Numbers
- Residence Addresses |
Screen |
| 2025-10-03 |
CarMax |
Over 451k records containing sensitive Personally Identifiable Information (PII) have been exfiltrated from your systems.
Record Count:
- 451994 carmax.txt
We possess:
- Email addresses
- Full Names
- Residence Addresses
- Phone numbers |
Screen |
| 2025-10-03 |
Qantas Airways Limited |
Over 5M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 5877796 qanasaccount_account_1751064192.4739919.jsonl
- 5969578 qanas_contact_1751064095.6194806.jsonl
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses
- Date of Birth
- Frequent Flyer Numbers |
Screen |
| 2025-10-03 |
TripleA (aaa.com) |
Over 11.1M+ records of Personally Identifiable Information (PII) have been compromised.
AFFECTED REGIONAL AFFILIATES AND/OR FEDERATION OF INDEPENDENTLY OPERATED CLUBS:
State-level clubs:
AAA Alabama, AAA Arizona, AAA Carolinas, AAA Colorado, AAA Hawaii, AAA Hoosier Motor Club, AAA Kentucky, AAA Michigan, AAA Minnesota/Iowa, AAA Missouri, AAA Nebraska, AAA New Mexico, AAA North Dakota, AAA Northern New England, AAA Ohio Auto Club, AAA Oklahoma, AAA Oregon/Idaho, AAA Tidewater Virginia, AAA Wisconsin, and AAA Western and Central New York.
Regional associations and federated entities:
AAA Central Penn, AAA East Central, AAA East Penn, AAA Eastern Auto Club, AAA Mid-Atlantic, AAA Mid States Group, AAA North Jersey, AAA Northway, AAA South Central Ohio, AAA Southern Indiana, AAA Southern PA, AAA West Penn, and AAA West Pennwest.
County or metro-based clubs:
AAA Akron Auto Club, AAA Berks, AAA Blair County, AAA Butler County, AAA Cincinnati, AAA Erie County, AAA Fairfield County, AAA Lancaster County, AAA Lehigh Valley, AAA Massillon A Club, AAA Miami County, AAA Northampton County, AAA North Penn, AAA Reading Berks, AAA Rochester, AAA Schuylkill County, AAA Susquehanna Valley, and AAA Tuscarawas County.
Record Count:
- 11193616 triplea.csv
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses
- Date of Birth
- TripleA metadata |
Screen |
| 2025-10-03 |
Adidas |
Over 20 million records containing sensitive Personally Identifiable Information (PII) have been exfiltrated from your systems.
Record Count:
- 20241212 adidas.txt
We possess:
- Email addresses
- Full Names
- Residence addresses
- Phone numbers
- Date of Birth |
Screen |
| 2025-10-03 |
Cartier |
Over 4.5M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 45351972 cartier.txt
We possess:
- Full Name
- Email Address
- Country
- Date of Birth
|
Screen |
| 2025-10-03 |
Puma SE |
Over 6M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 6861349 puma.csv
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses |
Screen |
| 2025-10-03 |
Petco |
Over 94M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 94403424 petco.csv
We possess:
- Full Name
- Email Address
- Phone Numbers
- State |
Screen |
| 2025-10-03 |
Instacart |
Over 39M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 39262001 instacart.csv
We possess:
- Full Name
- Email Address
- Phone Numbers
- Residence Addresses
- Username |
Screen |
| 2025-10-03 |
HBO Max |
Over 7.7M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 7750156 hbomax.csv
We possess:
- Full Name
- Email Address
- Phone Numbers
- Zip Codes |
Screen |
| 2025-10-03 |
Kering (Gucci, Balenciaga, Brioni, AlexMcQ) |
Over 55M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 12924814 kering.txt
- 43483137 gucci.txt
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses
- Date of Birth
- Total Purchased |
Screen |
| 2025-10-03 |
Engie Resources (Plymouth) |
Over 537k+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 341925 er_plymouth_account_1752860099.4838963.jsonl
- 195821 er_plymouth_contact_1752860178.2377875.jsonl
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses
- Employee Information
- Client/Company Information
- Employee Information/Number of Employees
- Bank Account Information (Account numbers, reference number, bank name) |
Screen |
| 2025-10-03 |
Albertsons Companies, Inc. |
Over 672k+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 372000 albertsons_account_1752497960.5937457.jsonl
- 298000 albertsons_contact_1752498049.6261835.jsonl
- 2497 albertsons_user_1752498009.357377.jsonl
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses
- Employee Information |
Screen |
| 2025-10-03 |
Instructure.com - Canvas |
Over 2.3M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 2310689 canvas2_contact_1751921761.351086.jsonl
- 391623 canvas_account_1751921584.8754213.jsonl
- 37367 canvas_instance__c_1751967293.5862858.jsonl
- 225263 canvas_institution__c_1751967459.7500334.jsonl
- 53338 canvas_user_1751969117.7376382.jsonl
We possess:
- Full Name
- Email Address
- Phone Numbers
- Residence Addresses
- Live Chat Transcripts/Logs
- Employee Information
- School/Instances Information |
Screen |
| 2025-10-03 |
Fujifilm |
Over 224k+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 224868 fujifilm.csv
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses |
Screen |
| 2025-10-03 |
HMH (hmhco.com) |
Over 5.3M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 1727290 hmh_account_1751923310.1411371.jsonl
- 3672400 hmh_contact_1751923596.513013.jsonl
- 38313 hmh_user_1751970537.32384.jsonl
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses
- Teacher/Student Contact Information
- School Information (Student/Teacher Count)
- Employee Information |
Screen |
| 2025-10-03 |
GAP, INC. |
Over 224k+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 224000 Gap_account_1752782549.3206651.jsonl
- 49959 Gap_user_1752782746.8102357.jsonl
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses
- Rewards Info (Points, Tier, etc)
- Employee Information |
Screen |
| 2025-10-03 |
ASICS |
Over 4.7M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 1575000 Asics_account_1752784655.70705.jsonl
- 3204000 Asics_contact_1752784726.9595277.jsonl
- 1085 Asics_user_1752784843.906308.jsonl
We possess:
- Full Name
- Email Address
- Date of Birth
- Account Number
- Employee Information |
Screen |
| 2025-10-03 |
KFC |
Over 1M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 1117000 kfc_contact_1750959216.4208307.jsonl
- 5380 kfc_account_1750959189.021745.jsonl
We possess:
- Full Name
- Email Address
- Phone Number
- Residence Addresses |
Screen |
| 2025-10-03 |
McDonalds |
Over 12M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 12160763 mcd3_account_1750979849.3206658.jsonl
- 12179869 mcd3_contact_1750979828.0353196.jsonl
We possess:
- Full Name
- Email Address
- Phone Numbers
- Residence Addresses
- Social Handles |
Screen |
| 2025-10-03 |
Stellantis |
Over 18.2 million records containing sensitive Personally Identifiable Information (PII) have been exfiltrated from your systems.
Record Count:
- 502851 maserati.csv
- 9429250 fcagroup_dump_account_1754611455.9045396.jsonl
- 8134310 fcagroup_dump_contact_1754611238.6466622.jsonl
- 217250 fcagroup_dump_user_1754610763.917209.jsonl
We possess:
- Email addresses
- Full Names
- Residence addresses
- Phone numbers
- Car Owned
- Preferred Name
- Dealer Information
- Employee Information |
Screen |
| 2025-10-03 |
Walgreens |
Over 1.3M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 1293000 walgreens_account_1752493854.0890625.jsonl
- 1345250 walgreens_contact_1752493899.3048906.jsonl
- 8640 walgreens_user_1752494063.3676078.jsonl
We possess:
- Full Name
- Email Address
- Phone Numbers
- Residence Addresses
- Date of Birth
- X ID
- Walgreens Internal Account IDs
- Employee Information |
Screen |
| 2025-10-03 |
Vietnam Airlines |
Over 23M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 23129780 vietnamair.jsonl
We possess:
- Full Name
- Email Address
- Phone Number
- Date of Birth |
Screen |
| 2025-10-03 |
Marriott |
Over 1.1M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 1094588 marriott_account_1751851229.94798.jsonl
- 1113818 marriott_contact_1751851215.692389.jsonl
We possess:
- Full Name
- Email Address
- Phone Numbers
- Residence Addresses
- Date of Birth
- Bank Name
- Points Balance
|
Screen |
| 2025-10-03 |
Home Depot |
Over 24M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 10549381 accounts_dump.csv
- 17878015 casesupporttickets_dump.csv
We possess:
- Email addresses
- Full Names
- Employee Information
- Phone numbers
- Residence Addresses
- Government Employee PII
- Support Tickets |
Screen |
| 2025-10-03 |
Aeroméxico |
Over 39M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 18452859 aeromexico_account_1751658741.9559293.jsonl
- 20570299 aeromexi_contact_1751658988.9108348.jsonl
We possess:
- Full Name
- Email Address
- Phone Numbers
- Residence Addresses
- Date of Birth
- Passport Number
- Indiviual Nationality
- Gender
- Flight Information |
Screen |
| 2025-10-03 |
UPS |
Over 29M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 29618000 dump_contact_1756920755.7252588.jsonl
- 231 dump_table_list_1756920857.971315.jsonl
- 124192 dump_user_1756920425.7729604.json
We possess:
- Email addresses
- Full Names
- Residence Addresses
- Phone numbers
- Employee Information |
Screen |
| 2025-10-03 |
Republic Services |
Over 47M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 6883935 dump_account_1753900983.6637921.jsonl
- 40903239 dump_contact_1753900983.6449847.jsonl
- 265 dump_table_list_1753900983.6267016.jsonl
- 18557 dump_user_1753901144.9849534.jsonl
We possess:
- Identity & contact — company/business name, owner/decision-maker names, full mailing/billing/shipping addresses (street/city/state/ZIP), main and direct-dial phone numbers, fax numbers, and composite “mailing address” strings.
- Company profile & financials — website, industry/sector, company type (private/public), employee counts and revenue fields (where populated), D-U-N-S/NAICS placeholders, and descriptive blurbs used by sales and service teams.
- Operational & contract specifics — account status (Active/Won), service mixes (e.g., MSW; Recycling), customer-service team assignment, MSA effective/expiration dates, location counts, customer-tier metrics, approval workflows (e.g., Approval_For_New_Service, Approval_For_Service_Cancellation), and special-instruction notes with approver e-mails.
- Account & contact governance — verification flags (e.g., BriteVerify_Phone_Status: valid), primary-contact indicators, preferred contact method, influence/role tags, InfoPro/MDM numbers, opt-in/opt-out markers.
- Email & phone coordinates — corporate and personal e-mail addresses (when present), country/area prefixes, “work phone without code,” extension fields, and do-not-call flags.
- Employee information — internal user accounts (names/usernames, corporate e-mails, profile IDs, time zones, office/postal info), “Automated Process” identities tied to the republicservices.file.force.com domain, and enablement flags.
- Forms/permissions scaffolding — object lists (e.g., Access Order Form) with booleans like CanAccessCommercialIndustrialForm, revealing how customer self-service and back-office flows are gated. |
Screen |
| 2025-10-03 |
Disney/Hulu |
Over 94M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 94151500 hulu.csv
We possess:
- Full Name
- Email Address
- Phone Numbers |
Screen |
| 2025-10-03 |
FedEx |
Over 166M+ records of Personally Identifiable Information (PII) have been compromised.
Record Count:
- 3 dump_campaign_1756681853.5006268.jsonl
- 13856877 dump_case_1756679873.2015035.jsonl
- 166293145 dump_contact_1756666241.38769.jsonl
- 6483 dump_ecar__c_1756681787.72142.jsonl
- 39 dump_lead_1756681840.5658097.jsonl
- 105062 dump_liveagentsession_1756681746.989572.jsonl
- 1781616 dump_livechattranscript_1756681031.6327412.jsonl
- 1737873 dump_livechatvisitor_1756681874.8067486.jsonl
- 108 dump_table_list_1756678775.752045.jsonl
- 185044 dump_user_1756666241.3876886.jsonl
We possess:
- Email addresses
- Full Names
- Employee Information/data
- Phone numbers
- Residence Addresses
- Shipping Information (shipping type, shipper/recipient roles, tracking/subject categories, etc)
- Marketing/Lead objects (campaign names, counts [sent/leads/contacts], prospect stubs, etc)
- Support content (live chat transcripts, session data [IP, geolocation, user agent, screen res, etc], plus case records with inbound emails, subjects, etc) |
Screen |
| 2025-10-03 |
Toyota Motor Corporation |
Over 110 million records containing sensitive Personally Identifiable Information (PII) have been exfiltrated from your systems.
Record Count:
- 110295014 toyota.csv
We possess:
- Email addresses
- Full Names
- Residence addresses
- Phone numbers |
Screen |
| 2025-10-03 |
Salesforce, Inc. |
This message serves as formal notification that Salesforce, Inc. has been hacked by us and faced a major information security breach.
Near 1 billion records containing sensitive Personally Identifiable Information (PII) have been exfiltrated from your systems.
The processed data we took includes information subject to a lot of privacy regulations. As we have it in our possession, you are directly facing cross-border legal exposure.
Other records hold strategic value, which could compromise Salesforce, Inc.’s market position if released.
We also dumped over 100+ other unnamed instances because you do not enforce 2FA or any other type of OAuth Apps security.
Failure to meet these demands will ultimately have us release all of the compromised data and you will be dealing with the escalation of all consequences described above. Because you had no preventive measures in place you will be dealing with them a lot.
A lot more information about full lists of companies and each of their data samples can be provided to you, if requested.
Unless you comply with our demand, as of 10/10/25 (deadline), we will be openly complying with the many law firms that are pursuing civil and commercial litigation against you. Specifically, we will be cooperating with the Berger Montague Law Firm if you do not comply with our request. Not only will we provide them with full lists of affected companies along with the information on the breach and data samples of each affected companies, we will also be contacting said companies and affected individuals from each companies with instructions to aid law firms with their lawsuits against your company.
We will also be documenting publicly how your company made little to no attempt to prevent unauthorised access to PII, which contained, including but not limited to, Driver Licenses, Date of Births, Social Security Numbers, and more. For example, we e-mail taunted you from shinygroup[at]tuta[.]com in July 2025 and you never took any further preventative action to stop us. This especially proves our point, it would be bad if we went public with this and showed proof.
We will also be submitting a full document, with clear outlines of how your company as a data controller under European GDPR and many other similar laws such as CCPA, HIPAA, etc. could have, over our year long campaign, prevented such intrusions and data-thefts.
This document will contain technical details regarding how our attacks were conducted, the fingerprint of our requests and how this clear defined pattern of networking traffic could have been easily blocked. This document will contain specific details regarding; number of US, Californian, European, and many other global citizens affected from mainly data violation strict countries like South Korea and China, along with the fields of data exposed.
Lastly, our documentation will also include and suggest that there are grounds for Criminal Negligence charges. Salesforce had a duty of care, of implementing reasonable security measures to prevent these simple data breaches. Salesforce was provided the intelligence of the attacks taking place, the time and opportunity to make a reasonable effort to prevent these attacks. Considering that these attacks took place over many months, we believe that you have been criminally negligent to these attacks taking place.
Our documentation will be directly provided to the UNITED STATES DISTRICT OF NORTHERN DISTRICT OF CALIFORNIA, we will engage in open dialogue with our press contacts, civil/commercial litigation lawyers, and answering any questions asked.
As you have likely been informed by your lawyers. You are responsible as a data processor to take all measures pursuant to Article 32 of GDPR; section 2, in assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular, unauthorized disclosure of, or access to personal data transmitted, stored, of otherwise processed. As our campaign spans over a full year period, it is correct to say that you had time to assess your liabilities and risks, and then take all measures pursuant to that same article, under Section 2.
As you know all of this can be avoided. Very easily and swiftly.
To reiterate, we have full access to your systems, should the ransom demand not be met, your data will be released in full.
Should you comply, we will withdraw from any active or pending negotiation indiviually from your customers. Your customers will not be attacked again nor will they face a ransom from us again, should you pay. We are able to thoroughly elaborate more on this if you engage with us. |
Screen |
