Skip to content
Cyber Breaches
Search
Data breachResolved

Vietnam Airlines data breach (2025)

In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released.

Victim
Vietnam Airlines
records
7.3M
SectorTransport

Imported from Have I Been Pwned — pending editorial review and translation to French. The summary below is machine-extracted; consult the source for details.

In 2025-06-20, Vietnam Airlines was affected by a data breach. Approximately 7,316,915 accounts were exposed. In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released.

Sources

  1. haveibeenpwned.comhttps://haveibeenpwned.com/PwnedWebsites#VietnamAirlines
  2. vietnamairlines.comhttps://vietnamairlines.com

Related incidents

Data breachContained

Leak at Mondial Relay

In December 2025, French parcel-delivery firm Mondial Relay disclosed a cyberattack in which attackers accessed customer and shipment data — names, emails, postal addresses, phone numbers and parcel-tracking details; a dark-web actor claimed roughly 25.7 million records.

Victim
Mondial Relay
Data breachContained

Leak at Chronopost

In December 2025, a 680 MB dataset on ~860,000 Chronopost customers — names, emails and parcel details scraped from the La Poste Pickup relay-point network — was published on BreachForums; the data covered shipments from spring 2025.

Victim
Chronopost
Records
860.0K
Data breachContained

Leak at Colis Privé

In November 2025, French parcel-delivery firm Colis Privé disclosed unauthorized access to part of its systems that exposed customer contact data — names, postal and email addresses and phone numbers. A threat actor advertised a dataset reportedly running to tens of millions of rows; no passwords or banking data were affected.

Victim
Colis Privé
Data breachContained

Leak at Digital Charging Solutions

In September 2025, EV-charging billing provider Digital Charging Solutions disclosed that a contracted third-party service provider had accessed customer records without authorization, exposing names and email addresses of an initial single-digit number of affected users.

Victim
Digital Charging Solutions