Cybercriminals tricked employees at major global companies into handing over Salesforce access and used that access to steal millions of customer records.
Here’s the McAfee breakdown on what happened, what information was leaked, and what you need to know to keep your data and identity safe:
What’s Happening
Hackers claim they’ve stolen customer data from multiple major companies, including household names like Adidas, Cisco, Disney, Google, IKEA, Pandora, Toyota, and Vietnam Airlines. Security Week has reported throughout 2025 on a wave of social-engineering attacks exploiting human – rather than platform – vulnerabilities.
According to The Wall Street Journal, the hacking group has already released millions of Qantas Airlines customer records and is threatening to expose information from other companies next.
The data reportedly includes names, email addresses, phone numbers, dates of birth, and loyalty program details. While it doesn’t appear that financial data was included, this kind of personal information can still be exploited in phishing and scam campaigns.
Salesforce has issued multiple advisories stressing that these attacks stem from credential theft and malicious connected apps – not from a breach of its infrastructure.
Unfortunately, incidents like this aren’t rare, and they’re not limited to any one platform or industry. Even the most sophisticated companies can fall victim when hackers rely on social engineering and manipulation to breach secure systems.
How the Hackers Did it
Hackers reportedly called various companies’ employees pretending to be IT support staff—a tactic known as “vishing”—and convinced them to share login credentials or connect fake third-party tools, essentially handing the criminals the keys to their accounts. Once inside, they accessed customer databases and stole the information stored there.
Think of it less like a burglar breaking a lock, and more like someone being tricked into opening the door.
What data was leaked
So far, leaked data appears to include:
- Names and email addresses
- Phone numbers
- Dates of birth
- Home or mailing addresses
- Loyalty or frequent-flyer numbers
There’s no indication of credit card or banking data in the confirmed leaks, but that doesn’t mean you’re in the clear.
Why this matters to you
Even if your financial information isn’t exposed in a data breach, personal details like name and address can still be used for targeted scams and phishing. When that information is stolen and sold online, scammers use it to:
- Send realistic phishing emails or texts that reference real details about you.
- Try to log into your other accounts if you reuse passwords.
- Launch “refund” or “account verification” scams tied to brands you trust.
Even if your data isn’t part of this specific leak, these attacks highlight how often your information moves through third-party systems you don’t control.
How to find out if you’ve been affected
- Check your email: If you’re a member or customer of one of the named companies, watch for official notifications.
- Use a trusted breach-checking site: Visit Have I Been Pwned or sign in to your McAfee account to scan for recent breaches linked to your email. You can also sign up for a free trial of McAfee antivirus to protect your devices.
- Avoid “dark web lookup” services: Some of these are scams themselves. Stick to legitimate sources.
What to do now
1) Change your passwords—today.
Use strong, unique passwords for every account. McAfee’s password manager can help. Try our random password generator here.
2) Turn on two-factor authentication (2FA).
Even if a hacker has your password, they can’t get in without your code.
3) Monitor your financial and loyalty accounts.
Watch for strange charges, redemptions, or password reset emails you didn’t request.
4) Freeze your credit.
It’s free and prevents new accounts from being opened in your name. You can unfreeze it anytime. McAfee users can employ a “security freeze” for extra protection.
5) Be extra cautious with “breach” emails or calls.
Scammers often pretend to be from affected companies to “help you secure your account.” Don’t click links or give information over the phone. Go directly to the company’s website or app or your own IT team if a breach happens at your workplace.
6) Consider identity protection.
McAfee’s built-in identity monitoring can monitor your personal info across the dark web, send alerts if your data appears in a breach, and include up to $1 million in coverage for identity recovery expenses.
What scams to expect next
- Fake refund or compensation offers. “We noticed your account was impacted. Claim your refund here.” Don’t click.
- Loyalty-point phishing. Emails that look like they’re from an airline or retailer asking you to log in to “protect your rewards.”
- MFA fatigue scams. Attackers repeatedly send login codes to wear you down, then call pretending to be support asking you to read one aloud. Don’t.
Need ongoing protection?
Your data could already be out there, but you don’t have to leave it there.
McAfee helps you take back control. Using advanced artificial intelligence, McAfee’s Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, stopping harm before it happens.
And McAfee’s Personal Data Cleanup can help you check which data brokers have your private details and request to have it removed on your behalf.
Stay ahead of scammers. Check your exposure, clean up your data, and protect your identity, all with McAfee.
Learn more about McAfee and McAfee Scam Detector.
More reading:
What to do if you’re caught up in a data breach
Stay Updated
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.
