TripleA 2025 Data Breach

AAA (Triple-A) Automobile Club Breach (Salesforce, 2025): 11.2 Million Member Contact Records Including Home Address Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Scattered Lapsus$ HuntersInsuranceEmail AddressPhone NumberPhysical Address
Low SeverityWebsite / service breach

AAA (Triple-A) Automobile Club Breach (Salesforce, 2025): 11.2 Million Member Contact Records Including Home Address Exposed

American Automobile Association (AAA) - roadside assistance and travel membership club.

Verified by ObscureIQ Intelligence
0/100Breach Risk Index
10Data Value

Breach Intelligence Summary

Entity: TripleA · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Unknown
Profile: Membership Organization · Roadside assistance, travel, and member services · Automobile club membership platform · USA
Timeline: Breach (2025-10-10) · Year (2025)
Exposure: 11.2M records · 3 fields: Email Address, Phone Number, Physical Address
Status: Reported

Executive Summary

AAA (the American Automobile Association) suffered a data breach affecting 11.2 million members after a threat actor group calling itself "Scattered LAPSUS$ Hunters" compromised the organization through a supply chain attack on the Salesforce platform. The attack was one of roughly 39 breaches attributed to the same group in October 2025. The attackers released a sample of the stolen database on October 3, 2025, and stated the full dataset would be published on October 10, 2025. The exposed records include full names, email addresses, phone numbers, and home mailing addresses. Membership details were also present, including membership level, status, type, join date, renewal date, and years of membership. Because AAA members typically enroll to receive roadside assistance and insurance-related services, this data carries a strong implication of vehicle ownership and home location, making affected individuals vulnerable to phishing, roadside-assistance impersonation scams, vehicle-linked fraud, and targeted household schemes. AAA had not made detailed public statements about the scope of its specific exposure as of the known reporting period. No regulatory actions or individual notifications had been publicly confirmed at the time of indexing. Affected members should treat unsolicited contact referencing their AAA membership, vehicle, or home address with extreme caution, particularly requests that invoke urgency around roadside or insurance services.

ObscureIQ assessment: Exposure enables phishing, roadside-assistance impersonation, vehicle-linked fraud, and household targeting. Membership and vehicle data can also reveal mobility patterns and financial signals.

Breach Impact

AAA was among the approximately 39 organizations listed on the Scattered LAPSUS$ Hunters dark web leak site in October 2025, with member contact data including email addresses, phone numbers, and home addresses published. AAA has not made detailed public statements about the specific scope of its exposure in this campaign. Given the membership-based nature of AAA's data, the exposed records represent people who had affirmatively enrolled in the organization and provided home contact details for roadside and insurance services.

About TripleA

AAA — the American Automobile Association — is a nonprofit membership organization providing roadside assistance, travel planning, insurance products, and automotive services to more than 60 million members across the United States and Canada. Individual AAA clubs operate regionally under the national federation. The organization is one of the largest member service clubs in North America and a major provider of travel agency, automotive, and insurance brokerage services.

Why They Hold Your Data

Automobile club membership platforms collect member identity, contact details, vehicle data, billing records, roadside-assistance history, travel-related activity, and household-linked records across membership services.

Recent Developments

AAA has been expanding its digital service capabilities, including mobile roadside assistance dispatch and electric vehicle charging network partnerships as the organization adapts to the shift toward EVs. It has continued growing its insurance and travel service offerings to members. No major governance or structural changes have been prominently reported in the recent period.

Data Points Exposed

3 verified field types
Email Address
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the TripleA breach?

AAA (the American Automobile Association) suffered a data breach affecting 11.2 million members after a threat actor group calling itself "Scattered LAPSUS$ Hunters" compromised the organization through a supply chain attack on the Salesforce platform. The attack was one of roughly 39 breaches…

What data was exposed?

Verified fields include Email Address, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation