[October-3-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. L.G. Balakrishnan & Bros. Ltd falls victim to MEDUSA Ransomware

Category: Ransomware
Content: The group claims to have obtained the organization’s data and plans to publish it within 26 to 27 days.
Date: 2025-10-03T14:38:46Z
Network: tor
Published URL: (http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion/detail?id=a813afd72e7bda9abd58f820e4ec8cb7)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/681be0be-d637-40eb-ac66-917e4419a368.jpg
Threat Actors: MEDUSA
Victim Country: India
Victim Industry: Manufacturing & Industrial Products
Victim Organization: l.g. balakrishnan & bros. ltd
Victim Site: lgb.co.in

2. KillServer Team claims to target India

Category: Alert
Content: A recent post by the group indicates the they are targeting india
Date: 2025-10-03T14:07:12Z
Network: telegram
Published URL: (https://t.me/KillServerTeam/21)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/dfdcc9b6-2a31-4f42-bf2b-cb3725059c9e.png
Threat Actors: KillServer Team
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

3. UNDERGROUND-NET targets the multiple websites of Indonesia

Category: Defacement
Content: The group claims to have defaced the multiple websites of Indonesia.
Date: 2025-10-03T14:06:43Z
Network: telegram
Published URL: (https://t.me/c/2195292966/1225)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/d9fcc507-68db-4ff6-98ea-f848a59b7ae7.JPG
Threat Actors: UNDERGROUND-NET
Victim Country: Indonesia
Victim Industry: Non-profit & Social Organizations
Victim Organization: cendekiawan kampung
Victim Site: cendekiawankampung.com

4. Alleged data sale of Chanel

Category: Data Breach
Content: The threat actor claims to be selling 2GB of data from Chanel, allegedly leaked in July 2025. The compromised data includes over 1 million records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, and residential addresses.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T13:35:44Z
Network: openweb
Published URL: (https://breachforums.hn/chanel.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/75234a71-addc-4273-936c-597d339139ee.png https://d34iuop8pidsy8.cloudfront.net/51c1e737-ee3b-4a16-8d47-a04ac5cb434b.png https://d34iuop8pidsy8.cloudfront.net/80e93c47-845a-4269-a180-ac871b29cdbf.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: France
Victim Industry: Luxury Goods & Jewelry
Victim Organization: chanel
Victim Site: chanel.com

5. Alleged data leak of unidentified jewelry stores in Israel

Category: Data Breach
Content: The group claims to have leaked 4K databases from jewelry stores in Israell, along with names, number, mail etc.
Date: 2025-10-03T13:32:47Z
Network: telegram
Published URL: (https://t.me/VFCTeam/208)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/31dc433d-e8fe-457b-b092-a32a2dd52a22.JPG
Threat Actors: V FOR VENDETTA CYBER TEAM
Victim Country: Israel
Victim Industry: Luxury Goods & Jewelry
Victim Organization: Unknown
Victim Site: Unknown

6. Sobotec Ltd. falls victim to akira ransomware

Category: Ransomware
Content: The group claims to have obtained more than 277 GB data which includes financial data, employees and customers information (passports, Social Security Numbers, emails, phones) confidential information, NDAs and other documents.
Date: 2025-10-03T13:30:15Z
Network: tor
Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/ee4f31f0-1b80-496b-bb8e-451d5d03c655.jpg
Threat Actors: akira
Victim Country: Canada
Victim Industry: Building and construction
Victim Organization: sobotec ltd
Victim Site: sobotec.com

7. Alleged data sale of CarMax, Inc.

Category: Data Breach
Content: The threat actor claims to be selling 451k of the organization’s data. The compromised data allegedly contains sensitive PII such as Email addresses, Full Names, Residence Addresses, Phone numbers. The breach reportedly occurred in May 2nd 2025, with a deadline set for October 10, 2025.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T13:29:03Z
Network: openweb
Published URL: (https://breachforums.hn/carmax.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/59db9f91-e31c-4ca7-af64-a9012dbb0905.png https://d34iuop8pidsy8.cloudfront.net/1ab78252-db51-45de-9683-702dff18614a.png https://d34iuop8pidsy8.cloudfront.net/638cb012-3820-4ce8-bc79-509e4f444c8c.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Automotive
Victim Organization: carmax, inc.
Victim Site: carmax.com

8. Alleged data sale of Qantas Airways Limited

Category: Data Breach
Content: The threat actor claims to be selling 5Million+ of the organization’s data. The compromised data allegedly contains sensitive PII such as Full Name, Email Address, Phone Number, Residence Addresses, Date of Birth, Frequent Flyer Numbers. The breach reportedly occurred in June 28th 2025, with a deadline set for October 10, 2025.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T13:28:49Z
Network: openweb
Published URL: (https://breachforums.hn/qantas.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/8dc498ee-12d6-49fd-a539-e79566344ec2.png https://d34iuop8pidsy8.cloudfront.net/dd2adbb6-705a-45ea-92b0-1351bdefa47b.png https://d34iuop8pidsy8.cloudfront.net/2c8a0b14-6145-4e8c-8d0b-2a8ed02d566e.png https://d34iuop8pidsy8.cloudfront.net/41ceee9f-510d-4199-8745-39f4160eceec.png https://d34iuop8pidsy8.cloudfront.net/cd58526a-03e9-4b53-a409-27dc7fcb7100.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Australia
Victim Industry: Airlines & Aviation
Victim Organization: qantas airways limited
Victim Site: qantas.com

9. Alleged data sale of American Automobile Association

Category: Data Breach
Content: The threat actor claims to be selling 11.1Million+ of the organization’s data. The compromised data allegedly contains sensitive PII such as Full Name, Email Address, Phone Number, Residence Addresses, Date of Birth, TripleA metadata. The breach reportedly occurred in May 2nd 2025, with a deadline set for October 10, 2025.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T13:28:28Z
Network: openweb
Published URL: (https://breachforums.hn/triplea.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/82b54221-eda7-45b5-8ca5-866432a781b8.png https://d34iuop8pidsy8.cloudfront.net/d3b45b3f-0a65-4cd6-8ae2-264a2746beca.png https://d34iuop8pidsy8.cloudfront.net/df7f4c83-e665-45ea-ab12-b30930ee026d.png https://d34iuop8pidsy8.cloudfront.net/dc3e5c8d-2850-4705-b3b3-30003136b445.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Insurance
Victim Organization: american automobile association
Victim Site: aaa.com

10. Alleged data sale of IKEA

Category: Data Breach
Content: The threat actor claims to be selling 13GB of data from IKEA, allegedly leaked in July 2025. The compromised data includes over 14 million records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, cities/ZIP codes, and more.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T13:20:49Z
Network: openweb
Published URL: (https://breachforums.hn/ikea.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/efb2a384-d3a7-46c9-a1f0-03fc9bbb07b8.png https://d34iuop8pidsy8.cloudfront.net/bf979f88-b04c-4af8-ab5f-2f49bb2f3561.png https://d34iuop8pidsy8.cloudfront.net/bd365adc-b2dc-48db-9271-3d8020a55c83.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Sweden
Victim Industry: Furniture
Victim Organization: ikea
Victim Site: ikea.com

11. Alleged data sale of 1-800Accountant

Category: Data Breach
Content: The threat actor claims to be selling 18 GB of data from 1-800Accountant, allegedly leaked on August 17, 2025.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.NB : The source URL for the post is not available.
Date: 2025-10-03T13:16:25Z
Network: openweb
Published URL: (https://breachforums.hn/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/20bae6b8-cd89-4a14-a038-1b06e168f28c.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Accounting
Victim Organization: 1-800accountant
Victim Site: 1800accountant.com

12. Alleged data sale of TransUnion LLC.

Category: Data Breach
Content: The threat actor claims to be selling 22GB of data from TransUnion LLC, allegedly leaked in June 2025. The compromised data includes over 13 million records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, residential addresses, dates of birth, social security numbers, live chat transcripts, and employee information.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T13:12:38Z
Network: openweb
Published URL: (https://breachforums.hn/transunion.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/da50f60b-00c0-40a0-b402-bc60cade3b91.png https://d34iuop8pidsy8.cloudfront.net/802bc6b4-a111-4788-8b6e-e5e74c14de1d.png https://d34iuop8pidsy8.cloudfront.net/d2f2990d-4af5-4007-997f-3c9b46c8944f.png https://d34iuop8pidsy8.cloudfront.net/505e713d-f83d-48d5-a15d-0a1779169dd7.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: transunion llc.
Victim Site: transunion.com

13. Alleged data sale of Pandora

Category: Data Breach
Content: The threat actor claims to be selling 8.3GB of data from Pandora.net, allegedly leaked in June 2025, including over 34 million records of PII such as full names, email addresses, phone numbers, and residence addresses, with files.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T13:00:19Z
Network: openweb
Published URL: (https://breachforums.hn/pandora.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/3829a146-ce80-49ae-b555-649e8e259507.png https://d34iuop8pidsy8.cloudfront.net/f2e41de4-9b46-4f1b-9c6d-13172538fe24.png https://d34iuop8pidsy8.cloudfront.net/34ba0b7c-e271-4c3c-a34c-bb1ac6e1cdf8.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Denmark
Victim Industry: Retail Industry
Victim Organization: pandora
Victim Site: pandora.net

14. Alleged sale of Adidas AG

Category: Data Breach
Content: The threat actor claims to be selling 37GB of data from Adidas AG, allegedly leaked in May 2025. The compromised data includes over 20 million records of Personally Identifiable Information (PII), such as email addresses, full names, residential addresses, phone numbers, and dates of birth.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:51:27Z
Network: openweb
Published URL: (https://breachforums.hn/adidas.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/d0ef6ebe-bc0e-44dd-a247-d3576ced5d66.png https://d34iuop8pidsy8.cloudfront.net/23d9fec2-4a16-44e2-884c-ef61f8f86edc.png https://d34iuop8pidsy8.cloudfront.net/4b35ac07-4d9b-43da-b68e-8d18265e1718.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Germany
Victim Industry: Fashion & Apparel
Victim Organization: adidas ag
Victim Site: adidas.co

15. Alleged data sale of CARTIER

Category: Data Breach
Content: The threat actor claims to be selling 1.4GB of data from CARTIER, allegedly leaked in January 2025. The compromised data includes over 4.5 million records of Personally Identifiable Information (PII), such as full names, email addresses, countries, and dates of birth.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:45:39Z
Network: openweb
Published URL: (https://breachforums.hn/cartier.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/eb3288b1-ee3c-4bc6-828b-d76463602bc3.png https://d34iuop8pidsy8.cloudfront.net/6a047450-ea8c-4257-b708-c7bcef257e0e.png https://d34iuop8pidsy8.cloudfront.net/f86f9213-d95d-4029-8a3f-74c5626c5434.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Switzerland
Victim Industry: Luxury Goods & Jewelry
Victim Organization: cartier
Victim Site: cartier.com

16. Alleged data leak of Mobileye Global Inc

Category: Data Breach
Content: The group claims to have leaked data of Mobileye Global Inc
Date: 2025-10-03T12:42:33Z
Network: telegram
Published URL: (https://t.me/Golden_falcon_team/535)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/99b1572f-bd78-4247-9a9f-ccd3e44ea664.JPG https://d34iuop8pidsy8.cloudfront.net/a91ddbed-ff1f-432a-abe6-078842a7e620.JPG https://d34iuop8pidsy8.cloudfront.net/f0f839ae-521d-4902-959d-d3e29b5209d5.JPG https://d34iuop8pidsy8.cloudfront.net/e660b00b-ab18-46ac-a5cc-33796d6f97c2.JPG
Threat Actors: Golden falcon
Victim Country: Israel
Victim Industry: Automotive
Victim Organization: mobileye global inc
Victim Site: mobileye.com

17. Alleged data sale of Cisco Systems, Inc

Category: Data Breach
Content: The threat actor claims to be selling 5.6GB of data from Cisco, allegedly leaked in July 2025, including over 1.4 million records of PII such as email addresses, full names, employee information, and phone numbers, with files.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:41:09Z
Network: openweb
Published URL: (https://breachforums.hn/cisco.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/53df23fa-c85e-463b-b1b5-ce7723b6bed4.png https://d34iuop8pidsy8.cloudfront.net/fd12a749-f266-4b19-b084-76b9e68a3add.png https://d34iuop8pidsy8.cloudfront.net/b6276690-f9c7-4ffa-a9df-329656b556fe.png https://d34iuop8pidsy8.cloudfront.net/7c103436-d2b8-404e-91b3-2ff7e31671f4.png https://d34iuop8pidsy8.cloudfront.net/f41feb43-b131-46fe-9636-8aa200c4c709.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: cisco systems, inc
Victim Site: cisco.com

18. Alleged data sale of Puma SE

Category: Data Breach
Content: The threat actor claims to be selling 3.1GB of data from Puma SE, allegedly leaked in May 2025. The compromised data includes over 6 million records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, and residential addresses.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:39:03Z
Network: openweb
Published URL: (https://breachforums.hn/puma.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/4e573b4e-2b6c-48ce-ba61-242bb0d6aa9e.png https://d34iuop8pidsy8.cloudfront.net/08820fde-c248-40cf-a977-eac71ca00d04.png https://d34iuop8pidsy8.cloudfront.net/9a57bbfb-6158-468e-9f4b-5908007c1a72.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Germany
Victim Industry: Fashion & Apparel
Victim Organization: puma se
Victim Site: puma.com

19. Alleged data sale of Air France-KLM

Category: Data Breach
Content: The threat actor claims to be selling 51 GB of data from Air France-KLM, allegedly leaked on 29 July 2025. The compromised data includes over 12.3 million records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, residential addresses, Flying Blue numbers, countries of residence, employee information, flight information, internal email content, and live chat messages between employees and customers.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:31:06Z
Network: openweb
Published URL: (https://breachforums.hn/afkl.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/bb9b3c12-d0fb-4360-9053-cdba78b4c384.png https://d34iuop8pidsy8.cloudfront.net/6b0e7193-0fb6-432e-8b61-095124e513c7.png https://d34iuop8pidsy8.cloudfront.net/5e62afe8-7eef-4440-8b15-8ea1bf1ba945.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: France
Victim Industry: Airlines & Aviation
Victim Organization: air france klm
Victim Site: airfranceklm.com

Category: Data Breach
Content: The threat actor claims to be selling 19GB of data from Google Adsense, allegedly leaked in June 2025, including over 2.5 million records of PII covering employee details, publisher business profiles, contact and credential data, and commercial metrics, with files.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:28:12Z
Network: openweb
Published URL: (https://breachforums.hn/google.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/a9acb87c-de30-4d15-947f-19c7ef0e6acf.png https://d34iuop8pidsy8.cloudfront.net/83aad501-499e-419a-8dcd-98c36facdda8.png https://d34iuop8pidsy8.cloudfront.net/5a72f2a9-507e-4511-bf8a-bcae34354d7b.png https://d34iuop8pidsy8.cloudfront.net/5d338a75-c5ea-474b-a54c-85e68ffc0996.png https://d34iuop8pidsy8.cloudfront.net/dbad32b9-5dcc-4669-b4c2-01f4d4eb9a45.png https://d34iuop8pidsy8.cloudfront.net/c6cf8d9c-92c2-4405-b0c5-feb4958eb309.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: google adsense
Victim Site: adsense.google.com

21. Alleged data breach of St. Mary’s Home

Category: Data Breach
Content: The group claims to have leaked data from St. Mary’s Home.
Date: 2025-10-03T12:25:51Z
Network: tor
Published URL: (https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/6593915029/overview)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/1e3e4855-4553-4b61-bc1f-458f08766ff6.jpg https://d34iuop8pidsy8.cloudfront.net/e8b02896-84c6-458b-95d3-52313a956555.jpg
Threat Actors: Worldleaks
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: st. mary’s home
Victim Site: saintmaryshome.org

22. Alleged data sale of Petco

Category: Data Breach
Content: The threat actor claims to be selling data from Petco, allegedly leaked on 01-05-2024. The compromised data reportedly includes over 94 million records containing Personally Identifiable Information (PII), such as Full Name, Email Address, Phone Numbers, and State. The total data volume is 9.9 GB.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:21:55Z
Network: openweb
Published URL: (https://breachforums.hn/petco.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/cba949a9-cd7f-4a9e-82de-8cbc1acfbded.jpg https://d34iuop8pidsy8.cloudfront.net/c04d273b-7730-4848-98cd-ea8ec0190260.jpg https://d34iuop8pidsy8.cloudfront.net/e9c109d3-7f38-47ce-91c6-944f4a0bcc7d.jpg
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: petco
Victim Site: petco.com

23. Alleged data sale of Fujifilm Holdings Corporation

Category: Data Breach
Content: The threat actor claims to be selling 224k+ of the organization’s data. The compromised data allegedly contains sensitive PII such as Full Name, Email Address, Phone Number, Residence Addresses. The breach reportedly occurred in August 17th 2025, with a deadline set for October 10, 2025.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:19:13Z
Network: openweb
Published URL: (https://breachforums.hn/fujifilm.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/cfec3daa-50cb-4b66-ba56-3e15f5a3f289.png https://d34iuop8pidsy8.cloudfront.net/8148b69b-86d3-47fb-b7f7-1a6a9b3aabfb.png https://d34iuop8pidsy8.cloudfront.net/a47b1624-dc7e-45e4-ae98-85af696918aa.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Japan
Victim Industry: Photography
Victim Organization: fujifilm holdings corporation
Victim Site: global.fujifilm.com

24. Alleged data sale of Instructure Holdings, Inc

Category: Data Breach
Content: The threat actor claims to be selling 2.3Million+ of the organization’s data. The compromised data allegedly contains sensitive PII such as Full Name, Email Address, Phone Numbers, Residence Addresses, Live Chat Transcripts/Logs, Employee Information, School/Instances Information. The breach reportedly occurred in July 8th 2025, with a deadline set for October 10, 2025.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:18:13Z
Network: openweb
Published URL: (https://breachforums.hn/instructure.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7c4f0822-dc81-47a2-a6e3-0b9dd10d9ea3.png https://d34iuop8pidsy8.cloudfront.net/88ca608a-45af-46be-975a-0dfc5c313892.png https://d34iuop8pidsy8.cloudfront.net/77572da8-db4f-4863-8c09-39ead55f016f.png https://d34iuop8pidsy8.cloudfront.net/c1d5d7ab-2938-4870-8c73-7912a4793470.png https://d34iuop8pidsy8.cloudfront.net/071acd56-7379-430b-b223-c9c5ff92e192.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Education
Victim Organization: instructure holdings, inc
Victim Site: instructure.com

25. Alleged data sale of Instacart

Category: Data Breach
Content: The threat actor claims to be selling data from Instacart, allegedly leaked on 01-05-2025. The compromised data reportedly includes over 39 million records containing Personally Identifiable Information (PII), such as Full Name, Email Address, Phone Numbers, Residence Addresses, and Username. The total data volume is 32 GB.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:15:18Z
Network: openweb
Published URL: (https://breachforums.hn/instacart.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/975e8cad-b47e-41aa-969d-9518f9aa309a.jpg https://d34iuop8pidsy8.cloudfront.net/1dfa7582-21c8-42f9-8cdc-e5fdc7475663.jpg https://d34iuop8pidsy8.cloudfront.net/de424ea5-8a51-4fe2-9612-0d2c4acfb0ae.jpg
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: instacart
Victim Site: instacart.com

26. Alleged data sale of Kering

Category: Data Breach
Content: The threat actor claims to be selling 10GB of data from Kering, allegedly leaked in April 2024. The compromised data includes over 55 million records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, residence addresses, dates of birth, and total purchase history.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:09:26Z
Network: openweb
Published URL: (https://breachforums.hn/kering.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/cd88d3e4-3828-43ed-a1ae-c73ee34dcf19.png https://d34iuop8pidsy8.cloudfront.net/ab02507f-3117-43eb-b53a-5d65c32af6e4.png https://d34iuop8pidsy8.cloudfront.net/95b2b82d-3135-44de-b933-27ccf18904e8.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: France
Victim Industry: Fashion & Apparel
Victim Organization: kering
Victim Site: kering.com

27. Alleged data sale of HBO Max

Category: Data Breach
Content: The threat actor claims to be selling data from HBO Max, allegedly leaked on 02-05-2025. The compromised dataset reportedly contains over 7.7 million records of Personally Identifiable Information (PII), stored in a file named hbomax.csv. The data volume is 3.2 GB and includes full names, email addresses, phone numbers, and zip codes.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:08:09Z
Network: openweb
Published URL: (https://breachforums.hn/hbomax.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/943a2147-6783-4e69-b910-fd63767d6bef.jpg https://d34iuop8pidsy8.cloudfront.net/06a38bd6-eac3-4c29-827a-0878daa0411a.jpg https://d34iuop8pidsy8.cloudfront.net/cf4657b8-39bc-48c4-8e5a-fa98a06f8ebf.jpg
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Entertainment & Movie Production
Victim Organization: hbo max
Victim Site: hbomax.com

28. Alleged data sale of ENGIE Resources

Category: Data Breach
Content: The threat actor claims to be selling 3GB of data from Engie Resources (Plymouth), allegedly leaked in July 2025. The compromised data includes over 537,000 records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, residence addresses, employee information, client/company information, employee counts, and bank account details (account numbers, reference numbers, and bank names).The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:06:45Z
Network: openweb
Published URL: (http://breachforums.hn/engie.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/44038f8c-ae12-41dd-b163-d0ce9712127d.png https://d34iuop8pidsy8.cloudfront.net/272c30da-4ddc-4de8-8fc0-d186c84310eb.png https://d34iuop8pidsy8.cloudfront.net/b0de0ee3-09cb-4920-a3e9-623e0e4eddf4.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: UK
Victim Industry: Energy & Utilities
Victim Organization: engie resources
Victim Site: engieresources.com

29. Alleged data sale of Saks Fifth Avenue

Category: Data Breach
Content: The threat actor claims to be selling 1.1 GB of data from Saks Fifth Avenue, allegedly leaked on June 5, 2025. The compromised data reportedly includes over 1.1 million records containing Personally Identifiable Information (PII), such as email addresses, full names, phone numbers, and residential addresses.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:06:13Z
Network: openweb
Published URL: (https://breachforums.hn/saksfifth.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/ef74523c-e371-40a7-96db-552e15cc531f.png https://d34iuop8pidsy8.cloudfront.net/64252647-608d-45e5-b1ee-a7fe377fc2ba.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Fashion & Apparel
Victim Organization: saks fifth avenue
Victim Site: saksfifthavenue.com

30. Milburn Demolition falls victim to akira ransomware

Category: Ransomware
Content: The group claims to have obtained more than 16 GB data which includes corporate documents such as financial data (audit, payment details, financial reports, invoices), (passports, driver’s license, SSNs , emails, medical information, medical cards) Confidential information and other documents with detailed personal information.
Date: 2025-10-03T12:02:51Z
Network: tor
Published URL: (https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/5b0c24b5-dc28-4ba0-bc94-68f69931fe31.jpg
Threat Actors: akira
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: milburn demolition
Victim Site: milburn.com

31. Alleged data sale of McDonald’s

Category: Data Breach
Content: The threat actor claims to be selling 28 GB of data from McDonald’s, allegedly leaked on 27 June 2025. The compromised data includes over 12 million records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, residential addresses, and social media handles.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T12:02:23Z
Network: openweb
Published URL: (https://breachforums.hn/mcdonalds.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/65aadb67-0cc1-4f0b-b59a-c90884b97bee.png https://d34iuop8pidsy8.cloudfront.net/e3352cbf-9d2f-4d2d-8729-1322e6a1e5cd.png https://d34iuop8pidsy8.cloudfront.net/9ee5b317-3ba7-4c09-9e7b-1822ee7399ce.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Restaurants
Victim Organization: mcdonald’s corporation
Victim Site: mcdonalds.com

32. Alleged data sale of Albertsons Companies, Inc.

Category: Data Breach
Content: The threat actor claims to be selling 2GB of data from Albertsons Companies, Inc., allegedly leaked in July 2025. The compromised data includes over 672,000 records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, residence addresses, and employee information.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised
Date: 2025-10-03T12:01:31Z
Network: openweb
Published URL: (https://breachforums.hn/albertsons.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/fa883aec-8153-45aa-9049-5733409f7b82.png https://d34iuop8pidsy8.cloudfront.net/091111b4-6887-4b61-a246-7e105b216f40.png https://d34iuop8pidsy8.cloudfront.net/631e0238-e680-4272-bb9e-7cbee5350503.png https://d34iuop8pidsy8.cloudfront.net/9c2d1da7-1bf8-431d-805d-f5fcb75cd2d3.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: albertsons companies, inc.
Victim Site: albertsonscompanies.com

33. Alleged data sale of Stellantis

Category: Data Breach
Content: The threat actor claims to be selling 59 GB of data from Stellantis, allegedly leaked on 8 July 2025. The compromised data includes over 18.2 million records of Personally Identifiable Information (PII), such as email addresses, full names, phone numbers, residential addresses, car ownership details, preferred names, dealer information, and employee information.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:55:05Z
Network: openweb
Published URL: (https://breachforums.hn/stellantis.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7c763a85-cfe8-44c5-9dfa-fa6e4e3135ea.png https://d34iuop8pidsy8.cloudfront.net/3d13ed53-bfd8-4486-bd4b-b2bc2f1ed1a9.png https://d34iuop8pidsy8.cloudfront.net/5afeff96-7862-433e-bbc4-06c19781f987.png https://d34iuop8pidsy8.cloudfront.net/38e62b7a-8a74-4b33-a3da-c861490d773f.png https://d34iuop8pidsy8.cloudfront.net/780b4b88-2880-4ca7-97f6-3b40eb8fee33.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Netherlands
Victim Industry: Automotive
Victim Organization: stellantis
Victim Site: stellantis.com

34. Alleged data sale of Houghton Mifflin Harcourt Company

Category: Data Breach
Content: The threat actor claims to be selling 5.3Million+ of the organization’s data. The compromised data allegedly contains sensitive PII such as Full Name, Email Address, Phone Number, Residence Addresses, Teacher/Student Contact Information, School Information (Student/Teacher Count), Employee Information. The breach reportedly occurred in July 8th 2025, with a deadline set for October 10, 2025.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:52:48Z
Network: openweb
Published URL: (https://breachforums.hn/hmhco.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/affbf6ef-fd07-4170-92b3-f58df7df29be.png https://d34iuop8pidsy8.cloudfront.net/1a39afc5-b381-41c6-aab5-9df78b271891.png https://d34iuop8pidsy8.cloudfront.net/3c1912aa-038d-4e1a-b64d-ca3d592ea1e0.png https://d34iuop8pidsy8.cloudfront.net/8fe70216-0a91-41df-b74b-b12806898df3.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Education
Victim Organization: houghton mifflin harcourt company
Victim Site: hmhco.com

35. Alleged data sale of Gap Inc.

Category: Data Breach
Content: The threat actor claims to have leaked 1GB of data from Gap Inc., allegedly in June 2025. The compromised data includes over 224k records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, and residential addresses and more.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:40:40Z
Network: openweb
Published URL: (https://breachforums.hn/gap.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/5e3d0f35-4bad-4fff-8284-b37bcde741b5.png https://d34iuop8pidsy8.cloudfront.net/d12bd9c4-46a9-4af1-968e-8da21e79335a.png https://d34iuop8pidsy8.cloudfront.net/086ae4c8-7f23-4549-8a18-a9a8dc1bd383.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: gap inc.
Victim Site: gapinc.com

36. Alleged data sale of ASICS

Category: Data Breach
Content: The threat actor claims to have leaked 9GB of data from ASICS, Japan, allegedly in June 2025. The compromised data includes over 4.7 million records of Personally Identifiable Information (PII), such as full names, email addresses, dates of birth, account numbers, and employee information.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:35:51Z
Network: openweb
Published URL: (https://breachforums.hn/asics.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/b1040bde-e14c-4477-b99f-fd6e3b7d30bd.png https://d34iuop8pidsy8.cloudfront.net/35ee2806-8812-4166-8794-6721dbcf85fb.png https://d34iuop8pidsy8.cloudfront.net/07cdd1bb-af61-46e2-a3a1-64ec0ce3a379.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Japan
Victim Industry: Retail Industry
Victim Organization: asics
Victim Site: asics.com

37. Alleged data sale of Aerovías de México, S.A. de C.V.

Category: Data Breach
Content: The threat actor claims to be selling 39Million+ of the organization’s data. The compromised data allegedly contains sensitive PII such as Email addresses, Full Names, Residence Addresses, Phone numbers, Date of Birth, Passport Number, Individual Nationality, Gender and Flight Information. The breach reportedly occurred in July 4th 2025, with a deadline set for October 10, 2025.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:35:04Z
Network: openweb
Published URL: (https://breachforums.hn/aeromexico.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/9b330ad6-ce25-4f2e-8bd2-495efcec45e2.png https://d34iuop8pidsy8.cloudfront.net/0c406f03-2202-4706-aef3-d3ea144e8080.png https://d34iuop8pidsy8.cloudfront.net/db50c7ab-682f-47fb-8436-72ffd7c53142.png https://d34iuop8pidsy8.cloudfront.net/4a98bbaf-ad72-4e15-99f8-63c9d427be97.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Mexico
Victim Industry: Airlines & Aviation
Victim Organization: aerovías de méxico, s.a. de c.v.
Victim Site: aeromexico.com

38. Alleged data sale of Walgreens

Category: Data Breach
Content: The threat actor claims to be selling 11 GB of data from Walgreens, allegedly leaked on 14 July 2025. The compromised data includes over 1.3 million records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, residential addresses, dates of birth, X IDs, Walgreens internal account IDs, and employee information.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:34:40Z
Network: openweb
Published URL: (https://breachforums.hn/walgreens.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/0547640d-d23c-4543-ae09-6a915c606995.png https://d34iuop8pidsy8.cloudfront.net/710245d5-5273-46f3-b609-0c98cd0a194c.png https://d34iuop8pidsy8.cloudfront.net/e09505a9-99b3-4c7c-b8c4-9eae7c57a4af.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: walgreen co.
Victim Site: walgreens.com

39. Alleged data sale of Vietnam Airlines

Category: Data Breach
Content: The threat actor claims to be selling 63.62GB of data from Vietnam Airlines, allegedly leaked in June 2025. The compromised data includes over 23 million records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, and dates of birth.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised
Date: 2025-10-03T11:31:51Z
Network: openweb
Published URL: (https://breachforums.hn/vietnamairlines.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/f9313fd6-5f33-4719-91e3-65008c33aad2.png https://d34iuop8pidsy8.cloudfront.net/d9bb7776-0b36-497f-b7f7-1bbd4f65cea2.png https://d34iuop8pidsy8.cloudfront.net/9fb5925d-2831-4603-a260-3beac62f780a.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Vietnam
Victim Industry: Airlines & Aviation
Victim Organization: vietnam airlines
Victim Site: vietnamairlines.com

40. Alleged sale of KFC

Category: Data Breach
Content: The threat actor claims to have leaked 1.3GB of data from KFC, USA, allegedly in June 2025. The compromised data includes over 1 million records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, and residential addresses.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:27:53Z
Network: openweb
Published URL: (https://breachforums.hn/kfc.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/4b17d79c-2007-4c2f-83ac-9df9d0845454.png https://d34iuop8pidsy8.cloudfront.net/dc0c7bf5-a92f-44b5-b4f1-338bd6ad6074.png https://d34iuop8pidsy8.cloudfront.net/02bc49cc-7bff-4845-a835-a558d03b900a.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Food & Beverages
Victim Organization: kfc
Victim Site: kfc.com

41. Alleged data sale of The Home Depot

Category: Data Breach
Content: The threat actor claims to be selling 19.43 GB of data from The Home Depot, Inc., allegedly leaked on September 7, 2025. The compromised data reportedly includes over 13 million records containing Personally Identifiable Information (PII), such as email addresses, full names, employee details, phone numbers, residential addresses, government employee information, and support tickets.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:25:34Z
Network: openweb
Published URL: (https://breachforums.hn/homedepot.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/99277bfe-d602-4e75-8e34-36714cd19c19.png https://d34iuop8pidsy8.cloudfront.net/2e5d6044-714b-486c-afe1-057d0ff6f409.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: the home depot
Victim Site: homedepot.com

42. Alleged data sale of Marriott

Category: Data Breach
Content: The threat actor claims to be selling 7GB of data from Marriott International, allegedly leaked in August 2025. The compromised data includes over 1.1 million records of Personally Identifiable Information (PII), such as full names, email addresses, phone numbers, residence addresses, dates of birth, bank names, and loyalty program points balances.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:23:51Z
Network: openweb
Published URL: (https://breachforums.hn/marriott.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/8d554192-ce54-477f-8643-c14eafce5847.png https://d34iuop8pidsy8.cloudfront.net/d76646a7-f47d-460d-9a77-ba1ef2356917.png https://d34iuop8pidsy8.cloudfront.net/45f3f076-216b-446e-b8fe-527f0de3ada5.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Food & Beverages
Victim Organization: marriot
Victim Site: marriott.com

43. Alleged data sale of United Parcel Service, Inc.

Category: Data Breach
Content: The threat actor claims to be selling 29Million+ of the organization’s data. The compromised data allegedly contains sensitive PII such as Email addresses, Full Names, Residence Addresses, Phone numbers and Employee Information. The breach reportedly occurred in September 3rd 2025, with a deadline set for October 10, 2025.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:19:41Z
Network: openweb
Published URL: (https://breachforums.hn/ups.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/807f4db5-8eda-4abe-a815-7e5c8b410a30.png https://d34iuop8pidsy8.cloudfront.net/9c8d9ff8-1dc0-477a-9275-d7a9bb1ca961.png https://d34iuop8pidsy8.cloudfront.net/0cc609a3-6eb3-4ce4-bfd9-86a38e83c1d9.png https://d34iuop8pidsy8.cloudfront.net/8ca0cadb-2b58-42ac-ab81-5f8c1e922100.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: united parcel service, inc.
Victim Site: ups.com

44. Alleged data sale of FedEx

Category: Data Breach
Content: The threat actor claims to be selling 1.1TB of data from FedEx, allegedly leaked in August 2025. The compromised data includes over 166 million records of Personally Identifiable Information (PII), such as email addresses, full names, employee information, phone numbers, residential addresses, shipping information, marketing/lead data, and support content.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:13:43Z
Network: openweb
Published URL: (https://breachforums.hn/fedex.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7286640c-be19-4a6d-b5c3-be7aa2b2c5bb.png https://d34iuop8pidsy8.cloudfront.net/564cd0c2-b79c-4b46-a5b0-3cc539141e2a.png https://d34iuop8pidsy8.cloudfront.net/8982bbd8-cfcf-4d60-bd35-30d064f80b60.png https://d34iuop8pidsy8.cloudfront.net/e7a05c31-1358-4469-a896-cf7c9564e28f.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: fedex
Victim Site: fedex.com

45. Alleged data sale of Disney and Hulu

Category: Data Breach
Content: The threat actor claims to be selling 36GB of data from Disney and Hulu, allegedly leaked in May 2025. The compromised data includes over 94 million records of Personally Identifiable Information (PII), such as full names, email addresses, and phone numbers.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:12:40Z
Network: openweb
Published URL: (https://breachforums.hn/hulu.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/39a25fd8-f0d2-44cd-9514-d3f8c1e1d8ae.png https://d34iuop8pidsy8.cloudfront.net/48923a1e-afdf-4e40-b1b9-9d0609d8144b.png https://d34iuop8pidsy8.cloudfront.net/74ace106-9b65-4ca3-8053-3d1f0657c7e1.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Entertainment & Movie Production
Victim Organization: disney
Victim Site: hulu.com

46. Banco Hipotecario del Uruguay falls victim to CRYPTO24 Ransomware

Category: Ransomware
Content: The group claims to exfiltrated 700 GB data of the victim and be published the data within 9-10 days.
Date: 2025-10-03T11:10:54Z
Network: tor
Published URL: (http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/7c4c8874-8df1-44fe-ad0e-994ad063c111.jpg
Threat Actors: CRYPTO24
Victim Country: Uruguay
Victim Industry: Banking & Mortgage
Victim Organization: banco hipotecario del uruguay
Victim Site: bhu.com.uy

47. Alleged data breach of National Portal of India

Category: Data Breach
Content: The threat actor claims to be leaked data from National Portal of India.
Date: 2025-10-03T11:08:24Z
Network: telegram
Published URL: (https://t.me/c/2730963017/405)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/557f6711-b5b9-4ac2-9864-8ff89e6f4666.JPG
Threat Actors: TEAM BD CYBER NINJA
Victim Country: India
Victim Industry: Government Administration
Victim Organization: national portal of india
Victim Site: india.gov.in

48. Alleged data sale of Republic Services, Inc.

Category: Data Breach
Content: The threat actor claims to be selling 47Million+ of the organization’s data. The compromised data allegedly contains sensitive PII such as Identity & Contact Information, Company Profile & Financials, Operational & Contract Specifics, Account & Contact Governance, Email & Phone Coordinates, Employee Information, and Forms/Permissions Scaffolding. The breach reportedly occurred in June 30th 2025, with a deadline set for October 10, 2025.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T11:03:41Z
Network: openweb
Published URL: (https://breachforums.hn/republicservices.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/c5433a0b-4012-4ced-b021-237e4b49f455.png https://d34iuop8pidsy8.cloudfront.net/7707ca91-2032-432a-a682-b374460c7749.png https://d34iuop8pidsy8.cloudfront.net/d4c394ad-ad15-47d6-9121-8da06cd443eb.png https://d34iuop8pidsy8.cloudfront.net/333a6189-e4df-4769-95ab-ec2927435071.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Environmental Services
Victim Organization: republic services, inc.
Victim Site: republicservices.com

49. Alleged data sale of Salesforce, Inc.

Category: Data Breach
Content: The threat actor claims to be selling 1 billion records from Salesforce, Inc., allegedly containing sensitive Personally Identifiable Information (PII), such as driver’s licenses, birth dates, and social security numbers. Over 100 Salesforce instances have been compromised, and data from 42 customers has been put up for sale. The breach reportedly occurred in mid-2024, with a deadline set for October 10, 2025.
Date: 2025-10-03T10:53:14Z
Network: openweb
Published URL: (https://breachforums.hn/salesforce.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/158b3fc2-a21a-4aca-9e21-1cc55cb09548.png https://d34iuop8pidsy8.cloudfront.net/018beb85-187d-4e25-91d4-43799286d99b.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: USA
Victim Industry: Software Development
Victim Organization: salesforce, inc.
Victim Site: salesforce.com

50. Alleged data sale of TOYOTA MOTOR CORPORATION

Category: Data Breach
Content: The threat actor claims to be selling 64GB of data from Toyota Motor Corporation, Japan, allegedly containing over 110 million records of sensitive Personally Identifiable Information (PII), such as email addresses, full names, residential addresses, and phone numbers. The data was allegedly leaked in April 2025.NB: The threat actor mentioned that this organization was a Salesforce customer and was breached because Salesforce was compromised.
Date: 2025-10-03T10:52:48Z
Network: openweb
Published URL: (https://breachforums.hn/toyota.html)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/3771b6c0-e87b-498b-a153-480cd559379a.png https://d34iuop8pidsy8.cloudfront.net/6d517fb7-f321-47d7-8995-f5bd2cc2b4f4.png https://d34iuop8pidsy8.cloudfront.net/584ad3a7-54f3-4c53-9e18-0a46cfb70f41.png
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Japan
Victim Industry: Automotive
Victim Organization: toyota motor corporation
Victim Site: global.toyota

51. Alleged leak of accounts from impots.gouv.fr

Category: Data Breach
Content: The threat actor claims to have leaked 86,977 of the organization’s account data. The leaked data are given in a compressed RAR file.
Date: 2025-10-03T10:35:00Z
Network: openweb
Published URL: (https://darkforums.st/Thread-86-977-account-impots-gouv-fr-no-check)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/b5c8fe69-55e1-4927-8a7c-3e45dd09c3ba.png
Threat Actors: bugsbynny
Victim Country: France
Victim Industry: Government Administration
Victim Organization: republic french
Victim Site: impots.gouv.fr

52. Capital Choice Financial Services falls victim to Trinity Ransomware

Category: Ransomware
Content: The group claims to have obtained 420 GB of organization data.
Date: 2025-10-03T10:26:35Z
Network: tor
Published URL: (http://txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd.onion/articles/10)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/763f6d1c-2530-478b-b45f-aea7f1e64507.jpg
Threat Actors: Trinity
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: capital choice financial services
Victim Site: capitalchoice.com

53. Alleged leak of access to PRINKO

Category: Initial Access
Content: The group claims to have leaked access to PRINKO.
Date: 2025-10-03T10:05:24Z
Network: telegram
Published URL: (https://t.me/fornetcloud/2567)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/9422705a-1de2-4dbe-92bd-7c7244f53af0.png
Threat Actors: FORNET ORG
Victim Country: Italy
Victim Industry: Printing
Victim Organization: prinko s.r.l.
Victim Site: prinko.it

54. Alleged data sale of Huawei Technologies Co., Ltd.

Category: Data Breach
Content: The threat actor claims to have obtained the organization’s data. The compromised data includes source code files, build artifacts, documentation and TeX/LaTeX files. A session link is also provided.
Date: 2025-10-03T09:30:15Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Selling-Java-Maniac-Huawei-Data-Breach)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/c6f2bb67-0d85-4199-a2d6-cde204d3d2d3.png
Threat Actors: KaruHunters
Victim Country: China
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: huawei technologies co., ltd.
Victim Site: huawei.com

55. Alleged sale of unidentified rural bank data in the Philippines

Category: Data Breach
Content: The threat actor claims to be selling data from an unidentified rural bank in the Philippines, allegedly containing ID, account number, birthdate, creation date, update date, nickname, email, and more.
Date: 2025-10-03T09:14:48Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Selling-Philippines-Rural-Bank-Database)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/59baaf37-05a1-44e7-b574-52f047be6fb1.png
Threat Actors: Mulch1846
Victim Country: Philippines
Victim Industry: Banking & Mortgage
Victim Organization: Unknown
Victim Site: Unknown

56. Alleged data sale of Rangkasbitung District Court

Category: Data Breach
Content: The group claims to have selling 1M vehicle ticketing databases from Rangkasbitung District Court. The compromised data reportedly contains detail such as registration number, ticket, enforcement date, ticket form, payment number enforcement unit code, enforcer description, name address, article, evidence vehicle type, motor vehicle license plate, deposit money pn unit code, case number, judge name clerk name, prosecutor unit code, trial date present/absent, fine, case fee subsidiary, payment date, remaining deposit.
Date: 2025-10-03T08:39:48Z
Network: telegram
Published URL: (https://t.me/c/2532663346/70)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/c8975979-9637-45ec-9696-f28ed8d8f406.JPG
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Judiciary
Victim Organization: rangkasbitung district court
Victim Site: pn-rangkasbitung.go.id

57. Red Eye of Palestine claims to target Israel

Category: Alert
Content: A recent post by the group indicates that they are targeting Israel.
Date: 2025-10-03T08:19:22Z
Network: telegram
Published URL: (https://t.me/R3D_3Y3S/288)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/3f0d1cdb-3b15-45ee-b2fa-303dce7e413a.png
Threat Actors: Red Eye of Palestine
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

58. Keymous+ targets Orange Maroc network

Category: Cyber Attack
Content: The group claims to be testing Orange Maroc’s network, not its official website
Date: 2025-10-03T07:59:51Z
Network: telegram
Published URL: (https://t.me/c/2588114907/393)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/09a8f204-5235-4d41-b5c4-a2865dacf97f.png
Threat Actors: Keymous+
Victim Country: Morocco
Victim Industry: Network & Telecommunications
Victim Organization: orange maroc
Victim Site: orange.ma

59. FANATIX LEGION targets the website of Jabali Canada Inc.

Category: Defacement
Content: The group claims to have defaced the website of Jabali Canada Inc.
Date: 2025-10-03T07:37:58Z
Network: telegram
Published URL: (https://t.me/fanatixlegionv/10)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/18cbbdf8-095a-421d-80e9-b1e3995b2cf6.JPG
Threat Actors: FANATIX LEGION
Victim Country: Canada
Victim Industry: Real Estate
Victim Organization: jabali canada inc.
Victim Site: jabalicanada.com

60. Supercash falls victim to Space Bears Ransomware

Category: Ransomware
Content: The threat actor claims to have obtained organization’s data including internal database, employee and client information, and sensitive financial documents. They intends to publish it within 6 days.
Date: 2025-10-03T06:29:57Z
Network: tor
Published URL: (http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/companies/92/supercash-alimentos-y-bebidas-premium)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/0eeb2cb9-1ab4-4383-bce2-5915c12a38f4.png
Threat Actors: Space Bears
Victim Country: Spain
Victim Industry: Food & Beverages
Victim Organization: supercash
Victim Site: supercash.es

61. Alleged data leak of Global Life Insurance

Category: Data Breach
Content: Threat actor claims to have leaked data from Global Life Insurance, containing 368,717 records with sensitive personal information including full names, addresses, dates of birth, Social Security Numbers (SSNs), driver’s license numbers, phone numbers, emails, and complete insurance policy details such as policy numbers, coverage amounts, beneficiary information, and even associated bank account details.NB: Authenticity of the claim is yet to be verified.
Date: 2025-10-03T06:27:24Z
Network: openweb
Published URL: (https://xss.pro/threads/143585/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/705b4df3-f3f8-4f45-bec0-aadde0bb44c8.png https://d34iuop8pidsy8.cloudfront.net/f6c7927e-2df3-4cb4-a6f3-805182fb1356.png
Threat Actors: LeaksPlus
Victim Country: Unknown
Victim Industry: Insurance
Victim Organization: Unknown
Victim Site: Unknown

62. FANATIX LEGION targets the website of soulimanalaaraj.com

Category: Defacement
Content: The group claims to have defaced the website of soulimanalaaraj.com
Date: 2025-10-03T05:47:47Z
Network: telegram
Published URL: (https://t.me/fanatixlegionv/7)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/737b2e91-4cc2-4b61-8bc7-27570d76f83b.png
Threat Actors: FANATIX LEGION
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: soulimanalaaraj.com
Victim Site: soulimanalaaraj.com

63. FANATIX LEGION targets the website of Aventoury Tourism

Category: Defacement
Content: The group claims to have defaced the website of Aventoury Tourism.
Date: 2025-10-03T05:46:50Z
Network: telegram
Published URL: (https://t.me/fanatixlegionv/7)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/47ee4885-6b2e-452e-9f82-8048cf1bf94a.png
Threat Actors: FANATIX LEGION
Victim Country: Turkey
Victim Industry: Leisure & Travel
Victim Organization: aventoury tourism
Victim Site: aventoury.com

64. Alleged data breach of Republic of Korea Police database

Category: Data Breach
Content: The threat actor claims to be a leaked database of the Republic of Korea Police.
Date: 2025-10-03T04:36:49Z
Network: openweb
Published URL: (https://darkforums.st/Thread-Selling-Republic-of-Korea-Police-database)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/1280076a-8046-4138-b09e-8621fa2028b1.png
Threat Actors: Beynely
Victim Country: South Korea
Victim Industry: Law Enforcement
Victim Organization: republic of korea
Victim Site: police.go.kr

65. Alleged sale of USA Doctors Personal Database

Category: Data Breach
Content: Threat actor claims to have leaked a personal database of 790,000 U.S. doctors, reportedly containing full names, specialties, full addresses, gender, phone numbers, emails, websites, hospital affiliations, and more.
Date: 2025-10-03T04:09:09Z
Network: openweb
Published URL: (https://leakbase.la/threads/usa-doctor.44052/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/3c35d4e3-bf84-4b1a-9342-0b035c50fc58.png
Threat Actors: ehsan8
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

66. STOCKMEIER Urethanes falls victim to INC RANSOM Ransomware

Category: Ransomware
Content: The group claims to have obtained 37.62 GB of organization’s data including Confidential corporate documents, Financial Data, HR records, Customer Data, and internal Incident reports. They intend to publish it within 2-3 days.
Date: 2025-10-03T03:33:01Z
Network: tor
Published URL: (http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/68df2ef1fa0b6f4bdfba2a22)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/a5bde4bd-964d-4164-9afa-7d19bac85cc3.png
Threat Actors: INC RANSOM
Victim Country: Germany
Victim Industry: Chemical Manufacturing
Victim Organization: stockmeier urethanes
Victim Site: stockmeier-urethanes.com

67. HellR00ters Team targets the website of Nupur Realty

Category: Defacement
Content: The group claims to have defaced the website of Nupur Realt. Mirror Id : https://zone-xsec.com/archive/team/HellR00ters+Team
Date: 2025-10-03T01:30:11Z
Network: telegram
Published URL: (https://t.me/c/2758066065/54)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/718f4327-dc9b-4d1b-a0c6-cb26fca3467b.png
Threat Actors: HellR00ters Team
Victim Country: UAE
Victim Industry: Real Estate
Victim Organization: nupur realty
Victim Site: nupurrealty.ae

68. HellR00ters Team targets Multiple Indian websites

Category: Defacement
Content: Group claims to have defaced multiple Indian websites. Mirror Id : https://zone-xsec.com/archive/team/HellR00ters+Team
Date: 2025-10-03T00:38:21Z
Network: telegram
Published URL: (https://t.me/c/2758066065/54)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/1de93d44-0ca6-4233-9cd5-ebcb161a2554.png
Threat Actors: HellR00ters Team
Victim Country: India
Victim Industry: Business and Economic Development
Victim Organization: consultingpro
Victim Site: consultingpro.in

69. Alleged data breach of Sanatorio Diagnóstico

Category: Data Breach
Content: Threat actor claims to have leaked 401,994 records from Sanatorio Diagnostico (Argentina) reportedly extracted from a SQL database and containing credentials, IDs, emails, phone numbers, and additional medical/administrative fields.
Date: 2025-10-03T00:38:00Z
Network: openweb
Published URL: (https://darkforums.st/Thread-DATABASE-401-994k-Argentina-Database-Sanatorio-Diagnostico–53331)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/b12764e9-40ad-4d30-8d60-70da03fba184.png
Threat Actors: rufus
Victim Country: Argentina
Victim Industry: Hospital & Health Care
Victim Organization: sanatorio diagnóstico
Victim Site: sdiagnostico.com.ar

70. Alleged data leak of USA School Details

Category: Data Breach
Content: Threat actor claims to have leaked 774,000 U.S. school-related records containing PII and school data including student_id, full names, dates of birth, grades, emails, phone numbers, school_id, teacher assignments, photos/webcam indicators, enrollment/scheduling fields, and various metadata fields.
Date: 2025-10-03T00:29:58Z
Network: openweb
Published URL: (https://leakbase.la/threads/usa-school-details.44054/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/55932375-c75f-4eea-95ab-8b8ded67b632.png
Threat Actors: ehsan8
Victim Country: USA
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown

71. Alleged unauthorized access to an unidentified organization in Germany

Category: Initial Access
Content: The threat actor is offering to sell access (web / RDP / user) to an unidentified organization in Germany
Date: 2025-10-03T00:15:28Z
Network: openweb
Published URL: (https://forum.exploit.in/topic/267460/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/e384631b-7f22-4ebb-8da3-88d9f20c8f1b.png
Threat Actors: setvik
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

72. Alleged sale of unauthorized access to an unidentified Hotel in Singapore

Category: Initial Access
Content: The threat actor offering to sell an access of unidentified hotel in Singapore
Date: 2025-10-03T00:07:57Z
Network: openweb
Published URL: (https://forum.exploit.in/topic/267459/)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/6775bf1a-a249-456c-b313-58657cd5bfe9.png
Threat Actors: setvik
Victim Country: Singapore
Victim Industry: Hospitality & Tourism
Victim Organization: Unknown
Victim Site: Unknown

73. LulzSec Black targets the website of cat.pintst.online

Category: Defacement
Content: The group claims to have defaced the website of cat.pintst.online
Date: 2025-10-03T00:07:36Z
Network: telegram
Published URL: (https://t.me/LulzSecBlack/1496)
Screenshots: https://d34iuop8pidsy8.cloudfront.net/70c53601-5827-44db-9503-acdc5326dba7.png
Threat Actors: LulzSec Black
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: cat.pintst.online
Victim Site: cat.pintst.online

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats.

Data breaches and data sales are prominent, affecting various sectors from luxury goods and retail to financial services, healthcare, and education, and impacting countries including the USA, India, France, Germany, Israel, and more. A significant portion of the breaches appear to be linked to a potential compromise of a major software vendor, as several threat actors explicitly mention that the victim organization was a Salesforce customer and was breached because Salesforce was compromised.

The compromised data is extensive, ranging from Personally Identifiable Information (PII) like names, addresses, emails, and phone numbers to highly sensitive records such as Social Security Numbers (SSNs), driver’s licenses, passport numbers, bank account details, employee information, and confidential military/government-related data.

The report also reveals significant activity in ransomware, with groups claiming to have exfiltrated large volumes of data (up to 700 GB and 420 GB) from victims in manufacturing, financial, and construction sectors in the USA, Canada, and Uruguay. Initial access sales continue, with actors selling unauthorized access to corporate networks in Italy, Singapore, and Germany. Additionally, defacement attacks were observed targeting websites in Indonesia, Canada, Turkey, UAE, and India.

The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, comprehensive data protection strategies, continuous vulnerability management, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.