Hacking groups to release 1 billion customer records unless demands are met
09/10/2025 | Tech Digest
An alliance of prominent cyberattackers made up of Scattered Spider, Lapsus$, and ShinyHunters has dramatically escalated its ransomware demands. The group, who go by the name Scattered Lapsus$ Hunters, have set a deadline of 10 October for payment after allegedly stealing one billion customer records from 39 major global companies. The list of companies being extorted includes Disney, Google, and Marks & Spencer. The alliance, built around the Scattered Spider group, threatens to publicly release the data trove if the ransom is not paid.
The hackers claim the data was exfiltrated from systems hosted by software giant Salesforce, accusing the company of "criminal negligence." However, Salesforce vehemently denies that its core platform was compromised, asserting that the claims relate to past or unsubstantiated incidents. Instead, the company attributes the breaches to sophisticated social engineering attacks directed at individual client companies, highlighting the critical security challenge posed by human error and deception.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 6,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.