Vietnam Airlines customer CRM data has been indexed by leaksear.ch as a 9,792,201-record leak tied to a June 2025 breach and an October 2025 public release (leaksear.ch metadata). Have I Been Pwned separately lists Vietnam Airlines as affected in a June 2025 Salesforce-environment breach involving 7.3 million unique email addresses, with names, phone numbers, dates of birth, and loyalty program membership numbers also exposed (haveibeenpwned.com).
What happened
Vietnam Airlines confirmed on October 14, 2025, that it had identified a data breach involving a third-party customer service platform operated by a global technology partner, and said unauthorized access may have occurred to certain customer data processed through that platform (www.vietnamairlines.com). The airline said its internal IT systems were not affected, and that payment information, passwords, travel itineraries, Lotusmiles balances, and passport details remained secure (www.vietnamairlines.com).
Public reporting tied the incident to a broader Salesforce extortion campaign. Help Net Security reported that Scattered LAPSUS$ Hunters launched a data leak site listing 39 companies, including Vietnam Airlines, and BleepingComputer reported that Salesforce said it would not pay an extortion demand after threat actors claimed nearly 1 billion records from Salesforce customers (www.helpnetsecurity.com, www.bleepingcomputer.com).
Hackread reported that data for six companies, including Vietnam Airlines, was made public on October 10, 2025, and described the Vietnam Airlines archive as JSON data from the Salesforce campaign. Outpost24 reported that Vietnam Airlines data was among six victim datasets publicly released in the October 11 to October 13 window (hackread.com, outpost24.com).
What data was exposed
The leaksear.ch indexing metadata lists the directly searchable fields as address, country, date of birth, email address, name, and phone number (leaksear.ch metadata). The same metadata also includes record fields for Lotusmiles or frequent flyer identifiers, account and contact IDs, CRM status fields, age or year of birth, gender, preferred language, last travel date, business account details, cargo-related contact fields, tax-related fields, and Salesforce timestamps or system metadata (leaksear.ch metadata).
HIBP's entry for the breach lists dates of birth, email addresses, loyalty program details, names, and phone numbers as compromised data (haveibeenpwned.com). Vietnam Airlines has publicly stated that payment information, passwords, travel itineraries, Lotusmiles balances, and passport details remained secure (www.vietnamairlines.com).
Why this matters
For affected customers, the main risk is targeted social engineering, especially phishing emails, fake airline support calls, loyalty-program scams, and attempts to use known personal details to bypass account checks. Vietnam Airlines specifically warned customers to watch for suspicious emails or phone calls impersonating the airline and not to share OTPs or login credentials with unverified sources (www.vietnamairlines.com). Security teams should treat this as CRM-derived customer PII exposure rather than a confirmed password or payment-card dump unless their own investigation shows otherwise.
Check your exposure
Vetted researchers and incident-response teams can request access to check this dataset, or sign in if they already have access. Searchable pivots for this leak include address, country, date of birth, email, name, and phone.
Sources
- Have I Been Pwned: Vietnam Airlines Data Breach
- Vietnam Airlines: Information Regarding Customer Data Breach
- Help Net Security: Hackers launch data leak site to extort 39 victims, or Salesforce
- BleepingComputer: Salesforce refuses to pay ransom over widespread data theft attacks
- Hackread: ShinyHunters Leak Data from Qantas, Vietnam Airlines and Other Major Firms
- Outpost24: Salesforce breach escalates: Qantas & Vietnam Airlines data leaked on dark web