Fedex 2025 Data Breach

FedEx Logistics Company Breach (Salesforce, 2025): 166 Million Customer Contact Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Scattered Lapsus$ HuntersLogisticsEmail AddressPhone NumberPhysical Address
Moderate SeverityWebsite / service breach

FedEx Logistics Company Breach (Salesforce, 2025): 166 Million Customer Contact Records Exposed

Global courier delivery and logistics company.

Verified by ObscureIQ Intelligence
48/100Breach Risk Index
10Data Value
40Market Recency
206dSince Breach

Breach Intelligence Summary

Entity: Fedex · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Unknown
Profile: Company · Logistics and package delivery · Transportation and supply chain network · Global
Timeline: Breach (2025-10-10) · Indexed (Oct 03, 2025) · Year (2025)
Exposure: 166.3M records · 3 fields: Email Address, Phone Number, Physical Address
Status: Reported

Executive Summary

FedEx suffered a data breach affecting approximately 166.3 million records after threat actors identified as "Scattered LAPSUS$ Hunters" exfiltrated customer data from a Salesforce environment used by the company. The breach was part of a broader campaign targeting multiple corporate Salesforce instances in 2025, with attackers believed to have used compromised third-party OAuth tokens (authorization credentials that allow external applications to access a service) rather than exploiting Salesforce's core platform directly. The group released a sample of the stolen data on October 3, 2025, and claimed the full dataset would follow one week later. Exposed records contain names, email addresses, phone numbers, and home and business mailing addresses, alongside internal account identifiers, shipment tracking numbers, and partial live chat transcripts. The combination of contact details and shipment data is particularly dangerous because it allows criminals to craft scam messages that appear legitimate, referencing real package activity tied to a specific person's address. This makes phishing attempts, delivery impersonation scams, and household-targeted fraud substantially harder for recipients to detect. No confirmed regulatory action or class-action litigation had been publicly disclosed as of the breach date, though the scale and sensitivity of the exposure would likely draw scrutiny under applicable consumer data protection laws. Affected individuals should treat any unexpected delivery notifications or messages referencing their shipment history with heightened suspicion, verify requests through FedEx's official channels directly, and monitor for unsolicited contact using their home address or phone number.

ObscureIQ assessment: High risk of phishing, package fraud, delivery impersonation, and household targeting. Shipment data is especially useful because it makes scam outreach feel immediate and legitimate.

Breach Impact

The 2025 breach reporting tied FedEx to the wider wave of Salesforce-linked customer data theft and extortion activity rather than to a uniquely FedEx-specific intrusion narrative. Public reporting said threat actors leaked samples of data allegedly stolen from multiple Salesforce customers, including FedEx, as part of a broader campaign that Google later assessed involved systematic export of large volumes of data from numerous corporate Salesforce instances using compromised third-party OAuth tokens rather than exploitation of Salesforce’s core platform. In practical terms, that means the breach impact is best framed as exposure of customer or business records through a downstream SaaS environment, creating risks of phishing, impersonation, fraud pretexting, and operational targeting.

About Fedex

FedEx is a global logistics, transportation, and business-services company built around an integrated physical and digital delivery network. The company says it provides transportation, e-commerce, and related business services worldwide, with annual revenue of about $92 billion and a broad portfolio spanning parcel delivery, supply chain operations, and associated enterprise services.

Why They Hold Your Data

Logistics networks collect customer and recipient identity, phone numbers, addresses, shipment histories, delivery instructions, payment-adjacent data, and business shipping records.

Recent Developments

FedEx’s recent public posture has centered on network transformation, digital modernization, and margin expansion. At its February 12, 2026 Investor Day, the company said it was prioritizing smarter supply chains, premium growth in higher-margin verticals, scaling digital and AI capabilities, and further transforming its network through 2029.

Data Points Exposed

3 verified field types
Email Address
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Fedex breach?

FedEx suffered a data breach affecting approximately 166.3 million records after threat actors identified as "Scattered LAPSUS$ Hunters" exfiltrated customer data from a Salesforce environment used by the company. The breach was part of a broader campaign targeting multiple corporate Salesforce…

What data was exposed?

Verified fields include Email Address, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation