Government Data Crisis Deepens as Hackers Exploit Corporate Cloud Breaches


Massive Government Personnel Database Compiled from Stolen Salesforce Records

A sophisticated hacking collective known as Scattered LAPSUS$ Hunters has assembled a comprehensive database containing personal information of more than 22,000 U.S. government officials, according to cybersecurity investigators. The group claims to have built this extensive repository by mining data from multiple Salesforce platform breaches that occurred earlier this year, combining stolen customer information with details from other security incidents.

The scale of this data compilation represents one of the most significant government personnel exposure events in recent years, affecting agencies across the national security, law enforcement, and public health sectors.

Verification and Scope of Compromised Data

Cybersecurity publication 404 Media first reported the breach and has verified substantial portions of the leaked material. Their analysis confirms that the database includes current and former employees from multiple high-profile agencies including:

  • National Security Agency (NSA)
  • Defense Intelligence Agency (DIA)
  • Federal Trade Commission (FTC)
  • Department of Homeland Security
  • Immigration and Customs Enforcement
  • Federal Bureau of Investigation
  • Department of Justice

Additional records appear to contain contact information for officials at the Centers for Disease Control and Prevention, the Food and Drug Administration, and the Bureau of Alcohol, Tobacco, Firearms and Explosives. Cybersecurity firm District 4 Labs has independently corroborated that many of the names, agencies, and phone numbers match information from known breaches.

Attack Methodology: Social Engineering and Phishing Campaign

According to cybersecurity researchers, the initial Salesforce compromises resulted from a combination of social engineering and phishing rather than any flaw in the platform itself. Attackers targeted employees at major corporations and talked them into authorizing a malicious connected application that mimicked a legitimate Salesforce integration, which granted the attackers OAuth access to the company's Salesforce tenant.

Once the malicious app was authorized (or credentials were otherwise captured), the attackers used its API access to pull large volumes of customer records from the victims' Salesforce instances. Earlier reports identified major corporate victims including Disney, FedEx, Toyota, and UPS. The hacking collective publicly claimed that these breaches yielded more than one billion records in total.
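The pattern described above (a login through a newly authorized connected app followed by bulk exports) leaves a trail in tenant logs that a defender can alert on. The following is an added example, not code from the original article or from any company or group it describes. It runs over a constructed, simplified Salesforce-style event log whose field names (`event_type`, `app`, `rows`) and the `OAuthLogin`/`BulkExport` event types are assumptions for this illustration, not the real EventLogFile schema; the allowlist and row threshold are likewise placeholders to be replaced with an organization's own values.

```python
"""Flag connected-app abuse in a constructed, simplified Salesforce-style
event log: logins through connected apps outside an allowlist, and large
export volumes by one user/app pair inside a short time window."""
import csv
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample, NOT real Salesforce EventLogFile output. The column
# names and event types are assumptions made for this illustration.
SAMPLE_LOG = """\
timestamp,event_type,user,app,client_ip,rows
2025-06-02T09:12:04Z,OAuthLogin,alice@example.com,Data Loader,203.0.113.10,0
2025-06-02T09:15:30Z,BulkExport,alice@example.com,Data Loader,203.0.113.10,4200
2025-06-02T13:40:11Z,OAuthLogin,bob@example.com,My Ticket Portal,198.51.100.7,0
2025-06-02T13:41:02Z,BulkExport,bob@example.com,My Ticket Portal,198.51.100.7,250000
2025-06-02T13:52:47Z,BulkExport,bob@example.com,My Ticket Portal,198.51.100.7,310000
2025-06-02T14:05:00Z,OAuthLogin,carol@example.com,Salesforce for Outlook,192.0.2.33,0
"""

# Placeholder allowlist of connected apps the tenant has approved.
APPROVED_APPS = {"Data Loader", "Salesforce for Outlook"}
EXPORT_THRESHOLD = 100_000          # rows per window; tune to the org's baseline
WINDOW = timedelta(hours=1)


def parse_log(text):
    """Parse the CSV log into dicts with typed timestamp and row count."""
    records = []
    for rec in csv.DictReader(StringIO(text)):
        rec["timestamp"] = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        rec["rows"] = int(rec["rows"])
        records.append(rec)
    return records


def find_alerts(records, approved=APPROVED_APPS,
                threshold=EXPORT_THRESHOLD, window=WINDOW):
    """Return alert dicts for unapproved-app logins and mass exports."""
    alerts = []

    # Rule 1: any OAuth login through an app that is not on the allowlist.
    for r in records:
        if r["event_type"] == "OAuthLogin" and r["app"] not in approved:
            alerts.append({"kind": "unapproved_app", "user": r["user"],
                           "app": r["app"], "ts": r["timestamp"]})

    # Rule 2: exports by one (user, app) pair summing past the threshold
    # within `window`. This fires regardless of the app's display name,
    # because an attacker can name a malicious app after a legitimate one;
    # severity is raised when the app is also off the allowlist.
    exports = sorted((r for r in records if r["event_type"] == "BulkExport"),
                     key=lambda r: r["timestamp"])
    alerted = set()
    for i, first in enumerate(exports):
        key = (first["user"], first["app"])
        if key in alerted:
            continue
        start = first["timestamp"]
        total = sum(x["rows"] for x in exports[i:]
                    if (x["user"], x["app"]) == key
                    and x["timestamp"] - start <= window)
        if total >= threshold:
            alerted.add(key)
            alerts.append({"kind": "mass_export", "user": first["user"],
                           "app": first["app"], "rows": total,
                           "severity": "high" if first["app"] not in approved
                           else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample, alice's small Data Loader export and carol's login through an approved app produce nothing, while bob's login through "My Ticket Portal" and the 560,000 rows pulled through it within twelve minutes produce both alert kinds. In a real deployment, key the allowlist on the connected app's identifier or consumer key rather than its display name, and combine the alert with the preventive control of restricting which apps users may self-authorize.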

Emerging Threat: The Com Ecosystem

Scattered LAPSUS$ Hunters is a coalition drawing members from three prominent hacking collectives: Scattered Spider, LAPSUS$, and ShinyHunters. All three grew out of the loosely organized online communities collectively known as "the Com," which operate primarily on Telegram and Discord.

These digital spaces blend social interaction with criminal activity, where participants trade stolen data, coordinate breach targets, and occasionally turn on one another. Previous attacks originating from these communities have targeted major corporations including MGM Resorts and Caesars Entertainment, combining financial extortion with public humiliation tactics such as doxing.

Authentication and Communication Patterns

The group bolstered its credibility by signing messages with a PGP (Pretty Good Privacy) key previously associated with a member of ShinyHunters, a longstanding participant in international hacking incidents. A valid signature shows that the signer controls the private key matching that public key, which ties the new messages to the earlier ShinyHunters activity; it does not identify a person, and it cannot rule out a key that has been shared, sold, or stolen.

Their Telegram channel, which hosted recent leaks and communications, went offline shortly after the mass doxing of Department of Homeland Security personnel and the release of data purportedly tied to an NSA official. A group representative speculated that their servers were “taken offline, presumably seized,” though federal authorities have not confirmed any intervention.

Corporate-Government Security Intersection

This incident highlights the growing overlap between corporate data breaches and government personnel security. Federal employees' names, phone numbers, and email addresses sit in the customer databases of the companies they deal with, so when those corporate cloud tenants are breached, the exposure spills over to public employees without any government system being compromised directly.

The Department of Homeland Security has not responded to multiple requests for comment on the exposure, while Salesforce has declined to comment on the group’s specific claims. Both the FTC and U.S. Air Force confirmed awareness of the breach reports but declined to provide further details, indicating the sensitive nature of ongoing investigations.

This evolving threat landscape underscores the need for tighter controls on both sides, in particular over which third-party applications can be authorized against a cloud tenant and how quickly large exports are noticed, as cloud platforms become more deeply integrated into critical infrastructure and sensitive operations.
