Google 2025 Data Breach

Google Employee Data Breach (2025): 2.6M Records Including Phone & Home Address | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Scattered Lapsus$ HuntersAdvertisingEmail AddressPhone NumberPhysical Address
Moderate SeverityWebsite / service breach

Google Employee Data Breach (2025): 2.6M Records Including Phone & Home Address

Multinational technology company specializing in internet services.

Verified by ObscureIQ Intelligence
39/100Breach Risk Index
8Data Value
40Market Recency
206dSince Breach

Breach Intelligence Summary

Entity: Google · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Unknown
Profile: Company · Search, advertising, and cloud services · Platform ecosystem + SaaS · Global
Timeline: Breach (2025-10-10) · Indexed (Oct 03, 2025) · Year (2025)
Exposure: 2.6M records · 3 fields: Email Address, Phone Number, Physical Address
Status: Reported

Executive Summary

Google's internal advertising division was caught up in a supply chain attack targeting Salesforce in 2025. A threat group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility, releasing a sample of stolen data on October 3, 2025, with the full dataset reportedly scheduled for release on October 10. The records, described by the attackers as Google AdSense employee and contractor data, affected approximately 2.6 million individuals. Salesforce attributed the campaign to vulnerabilities in customer-side integrations rather than its core platform. The exposed data includes email addresses, phone numbers, and home addresses. Because this is workforce data rather than consumer data, the people most directly at risk are Google employees and contractors connected to its advertising operations. That combination of contact details is enough to enable targeted phishing, social engineering, and identity-based fraud against those individuals. Google has not issued detailed public statements about this specific exposure. No regulatory actions or breach notifications have been publicly confirmed at this time. Affected individuals face a credible risk of phishing attempts and impersonation, particularly through email and phone. Anyone who believes they may be included should be alert to unsolicited contact and consider monitoring their accounts for unusual activity.

ObscureIQ assessment: Extremely high risk due to breadth and centrality. Exposure can enable account takeover, identity linkage, profiling, phishing, and downstream compromise across many connected services and organizations.

Breach Impact

Google appeared on the Scattered LAPSUS$ Hunters dark web leak site in October 2025 as part of the Salesforce campaign, with the exposed data specifically characterized as Google AdSense employee records — email addresses, phone numbers, and home addresses for approximately 2.5 million individuals — rather than general consumer data. The nature of the exposure as employee and contractor data connected to an advertising division makes this a workforce privacy incident rather than a consumer breach. Google has not made detailed public statements about this specific exposure. Salesforce attributed the campaign to customer-side integration vulnerabilities.

About Google

Google is a multinational technology company and subsidiary of Alphabet Inc., operating the world's dominant search engine alongside a broad portfolio of products including Gmail, Google Maps, YouTube, Google Cloud, Android, and the Chrome browser. Headquartered in Mountain View, California, and publicly traded on Nasdaq, Google is one of the largest companies by market capitalization globally and generates the majority of its revenue through digital advertising.

Why They Hold Your Data

Large platform ecosystems collect user identity, emails, phone numbers, authentication data, device identifiers, search and service activity, advertising signals, cloud account records, and support interactions across consumer and enterprise services.

Recent Developments

Google has been aggressively investing in and deploying AI across its product suite, most visibly through Gemini — its large language model — integrated into Search, Workspace, and Android. The company faces sustained antitrust proceedings in the United States and Europe, including a 2024 federal court ruling finding it had illegally maintained a monopoly in search. Google has continued expanding its cloud computing business as a strategic growth priority.

Data Points Exposed

3 verified field types
Email Address
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Google breach?

Google's internal advertising division was caught up in a supply chain attack targeting Salesforce in 2025. A threat group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility, releasing a sample of stolen data on October 3, 2025, with the full dataset reportedly scheduled for release…

What data was exposed?

Verified fields include Email Address, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation