Republic Services Data Breach
Republic Services Waste Management Company Breach (Salesforce, 2025): 40.9 Million Customer Contact Records Including Home Address Exposed
Waste management company.
Risk Interpretation
Exposure enables phishing, billing fraud, and targeting of businesses or households through service-location data. Operational records may also support infrastructure or route-based targeting.
Impact & Downstream Threats
The 2025 breach was part of the Scattered LAPSUS$ Hunters campaign targeting Salesforce cloud environments. The group published a sample of Republic Services customer data on October 3, 2025, including home addresses, phone numbers, and email addresses. Republic Services has not made detailed public statements about the incident, consistent with other brands affected by the same Salesforce-linked campaign. No major regulatory action or litigation specific to this breach has been documented in pu
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
Republic Services, one of the largest waste management companies in the United States, was caught up in a 2025 supply chain attack targeting Salesforce cloud environments. A threat group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility and published a sample of stolen data on October 3, 2025, with the full dataset reportedly scheduled for release on October 10. The breach exposed records tied to an estimated 40.9 million customers. The exposed data includes full names, email addresses, phone numbers, and mailing addresses. Because Republic Services provides residential waste collection, home addresses in this dataset carry an added risk: they can be combined with service schedules to build detailed routine-of-life profiles, revealing when residents are likely away from home. The data also included business account details such as company names, billing addresses, employee counts, revenue figures, and internal account identifiers from the Salesforce platform. Republic Services has not made detailed public statements about the incident, and no major regulatory action or litigation specific to this breach has been documented. Affected individuals should be alert to phishing attempts by email or phone, as the combination of verified contact details and service location information makes targeted scams more convincing. Residential customers in particular should be aware that their address data is now likely in broad circulation.
About Republic Services
Republic Services is one of the largest waste management and environmental services companies in the United States, providing collection, recycling, transfer, and disposal services to residential, commercial, and municipal customers across dozens of states. The company is publicly traded on the NYSE and headquartered in Phoenix, Arizona. It operates landfills, recycling facilities, and a large fleet of collection vehicles.
Why They Hold Your Data
Waste-management and environmental-service firms collect customer, employee, vendor, route, billing, and service-location records across operational and municipal-service workflows.
Recent Developments
Republic Services has continued investing in sustainability infrastructure and fleet electrification as part of its publicly stated environmental strategy. The company has maintained stable financial performance and is considered one of the more defensively positioned companies in the industrial services sector. No major leadership changes or structural events beyond the breach itself have been prominently reported in the 12-18 months prior to publication.
Data Points Exposed
Exposure Categories
Canonical Fields
email_address, phone_number, physical_address:home
Dark Web Verification
- Dataset containing ~40.9M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: republicservices-salesforce-2025
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Republic Services
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam