Data leak
Vietnam Airlines Salesforce Breach via Scattered Lapsus$ Hunters - 23M Records
Incident Details
In October 2025, Scattered Lapsus$ Hunters published 63.62 GB of data (23+ million records) from Vietnam Airlines’ Salesforce CRM system. The initial intrusion occurred around June 2025 as part of the group’s broader campaign targeting 39+ organizations’ Salesforce environments via vishing. The data was published on October 10, 2025. Vietnam Airlines disclosed the breach on October 14, 2025. Exposed data included customer names, dates of birth, phone numbers, email addresses, and residential addresses. Payment information, passwords, travel itineraries, Lotusmiles loyalty balances, and passport details were not compromised. Have I Been Pwned indexed 7.3 million unique email addresses from the dataset.
Technical Details
- Initial Attack Vector: Scattered Lapsus$ Hunters (ShinyHunters) breached Vietnam Airlines' Salesforce CRM instance as part of a campaign targeting 39+ companies, using a malicious OAuth app linked through vishing of employees.
- Vendor / Product: Salesforce CRM
Timeline
- 2025-06-01 Breach occurred
- 2025-10-10 Publicly disclosed
- 2025-10-14 Customers notified