UPS 2025 Data Breach

UPS Logistics Company Breach (Salesforce, 2025): 29.6 Million Customer Contact Records Including Home Address Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Scattered Lapsus$ HuntersLogisiticsEmail AddressFull NamePhone NumberPhysical Address
Low SeverityWebsite / service breach

UPS Logistics Company Breach (Salesforce, 2025): 29.6 Million Customer Contact Records Including Home Address Exposed

Global logistics and delivery company.

Verified by ObscureIQ Intelligence
0/100Breach Risk Index
10Data Value

Breach Intelligence Summary

Entity: UPS · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Unknown
Profile: Company · Logistics and package delivery · Transportation and supply chain network · Global
Timeline: Breach (2025-10-10) · Year (2025)
Exposure: 29.6M records · 4 fields: Email Address, Full Name, Phone Number, Physical Address
Status: Reported

Executive Summary

UPS, one of the world's largest package delivery companies, was caught up in a supply chain breach targeting Salesforce customer environments in late 2025. A threat group calling itself "Scattered LAPSUS$ Hunters" exploited OAuth token abuse and social engineering to access CRM (customer relationship management) data across dozens of major organizations. UPS was listed among roughly 39 named victims on the group's dark web leak site. The attackers released a sample of the stolen UPS database on October 3, 2025, and claimed the full dataset, affecting an estimated 29.6 million records, would be released the following week. Salesforce attributed the incidents to past or customer-side security lapses rather than a compromise of its core platform. The exposed data includes full names, email addresses, phone numbers, and mailing addresses, including street, city, state, ZIP code, and country. For some records, precise geolocation coordinates tied to shipping addresses were also present. Internal UPS account details, such as account numbers, customer segments, and business unit information, were found in the sample as well. For a package delivery company, this combination of data is especially dangerous. Home addresses tied to a known delivery relationship make affected individuals vulnerable to package interception fraud, delivery impersonation scams, and targeted phishing attacks that convincingly mimic UPS communications. The same risk pattern was observed in a parallel breach affecting FedEx from the same campaign. UPS has not issued detailed public statements about the scope of its exposure or its specific response. Salesforce has similarly declined to characterize the incidents as a platform-level failure. No regulatory action or class action litigation has been publicly confirmed as of the time of this writing. Affected individuals should treat any delivery-related messages, whether by email, phone, or text, with heightened suspicion. They should verify communications directly through the official UPS website rather than clicking links or calling numbers provided in unsolicited messages.

ObscureIQ assessment: Exposure enables package scams, delivery impersonation, phishing, and household or business targeting. Shipping data is highly actionable because it is time-sensitive and easy to weaponize.

Breach Impact

The 2025 incident was part of the Scattered LAPSUS$ Hunters campaign against Salesforce customer environments, in which the group exploited OAuth token abuse and social engineering to access CRM data across dozens of major organizations. UPS was listed among approximately 39 named victims on the group's dark web leak site, with a sample of customer records including names, email addresses, phone numbers, and home addresses published in October 2025. Salesforce stated the incidents related to past or customer-side security lapses rather than a compromise of its core platform. UPS has not made detailed public statements about its specific response to or the scope of its exposure in this campaign.

About UPS

UPS is one of the world's largest package delivery and supply chain management companies, operating a global network of ground and air transportation, logistics, and freight services. Headquartered in Atlanta, Georgia, the company is publicly traded on the NYSE and serves businesses and consumers across more than 200 countries and territories. Its operations span e-commerce fulfillment, international freight, customs brokerage, and healthcare logistics.

Why They Hold Your Data

Transportation and supply-chain networks collect shipper and recipient identity, addresses, phone numbers, shipment history, delivery instructions, and business logistics records.

Recent Developments

UPS has been navigating a period of volume and revenue pressure following the pandemic-era delivery surge. The company executed significant workforce reductions in 2023 and 2024 as part of a cost restructuring program, including a major reduction following renegotiated terms with its largest customer Amazon. It reached a new five-year contract with the Teamsters union in 2023 following strike threats. The Scattered LAPSUS$ Hunters Salesforce campaign in late 2025 was the primary data security event of the period.

Data Points Exposed

4 verified field types
Email Address
Full Name High
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the UPS breach?

UPS, one of the world's largest package delivery companies, was caught up in a supply chain breach targeting Salesforce customer environments in late 2025. A threat group calling itself "Scattered LAPSUS$ Hunters" exploited OAuth token abuse and social engineering to access CRM (customer…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation