Albertsons Companies, which says it is one of the largest U.S. food and drug retailers and operates stores across 35 states and the District of Columbia (www.albertsons.com), is tied to a Salesforce CRM leak indexed by leaksear.ch at 623,796 records (leaksear.ch metadata). The dataset is dated October 10, 2025 and includes customer contact and CRM profile data such as names, email addresses, phone numbers and addresses (leaksear.ch metadata).
What happened
Public reporting places Albertsons in the October 2025 Salesforce customer extortion wave associated with Scattered LAPSUS$ Hunters. SecurityWeek and BankInfoSecurity reported that the group leaked data allegedly tied to six organizations, including Albertsons, after Salesforce refused to pay extortion demands, while SC Media also named Albertsons among the victims whose data was said to have been released (www.securityweek.com, www.bankinfosecurity.com, www.scworld.com).
Albertsons-specific attribution remains narrower than the broader Salesforce campaign reporting. DataBreach.com labeled its Albertsons breach listing unverified and said Albertsons had not confirmed a security incident, while Salesforce said the extortion attempts related to past or unsubstantiated incidents and that there was no indication its platform or a known Salesforce vulnerability had been compromised (databreach.com, www.helpnetsecurity.com).
Across the broader campaign, public reporting and an FBI FLASH described attackers targeting Salesforce instances through social engineering and OAuth-based access paths, including malicious connected apps and compromised third-party integration tokens. For this Albertsons dataset, leaksear.ch metadata identifies the source environment as Salesforce CRM but does not establish the initial access vector (leaksear.ch metadata, www.fbi.gov, www.bleepingcomputer.com).
What data was exposed
leaksear.ch indexes the Albertsons records for address, country, date of birth, email address, name, phone number and username searches (leaksear.ch metadata). Stored fields also include Salesforce object metadata and CRM attributes such as club card enrollment and status, mobile and alternate phone fields, gender, company name, title, employee-number fields, account and supplier group identifiers, created and modified dates, photo URL fields and user profile or role identifiers (leaksear.ch metadata). The metadata does not list passwords, payment card numbers or bank-account details among the exposed fields (leaksear.ch metadata).
Why this matters
Public reporting on the broader Salesforce leak-site campaign highlighted phishing and social engineering risks from customer data (www.helpnetsecurity.com). Contact records tied to a grocery and loyalty environment can help attackers craft convincing messages about rewards, delivery issues, account updates or store services. Phone numbers, addresses and date-of-birth fields can also support identity-verification scams and account-recovery attempts. If you think you may be affected, use leaksear.ch to check whether your details appear in this Albertsons leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, name, phone, and username.
Sources
- Albertsons: About Us
- DataBreach.com: Albertsons Breach
- SecurityWeek: Extortion Group Leaks Millions of Records From Salesforce Hacks
- SC Media: Scattered Lapsus$ Hunters release stolen data from Salesforce customers
- BankInfoSecurity: Salesforce Extortion Group Leaks Data After FBI Disruption
- Help Net Security: Hackers launch data leak site to extort 39 victims, or Salesforce
- FBI: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion
- BleepingComputer: Salesforce refuses to pay ransom over widespread data theft attacks