In June 2025, Google revealed it was among the latest high-profile organisations caught up in a growing wave of cyber attacks targeting Salesforce CRM systems. At the heart of these attacks is the ShinyHunters extortion group –well known in the cybersecurity world for orchestrating data theft and ransom campaigns against large global brands.

Google’s breach wasn’t the result of a technical glitch in Salesforce, but rather sophisticated social engineering:

• Voice phishing attacks (vishing): Hackers posed as IT support staff, mostly targeting English-speaking employees.
• Malicious software install: Staff were convinced to download a tampered version of Salesforce’s Data Loader tool, which granted attackers access to Google’s customer data stored in Salesforce.

While any breach is concerning, Google reports that the stolen data was limited in scope:

• Business contact details (names, phone numbers, general notes)
• No sensitive payment or advertising data was accessed
• The breach involved information largely available through public channels, although it could still be leveraged for phishing and targeted attacks

The hacking group responsible – ShinyHunters – is believed to be behind a string of similar breaches impacting multinational brands such as:

• Adidas
• Qantas
• Allianz Life
• Cisco
• LVMH (Louis Vuitton, Dior, Tiffany & Co.)

These attacks typically seek ransom payments from affected organisations, with threats to leak or sell data if demands aren’t met. Some companies have reportedly paid substantial sums to keep customer information private.

Google responded quickly and decisively:

• Disabled malicious access immediately
• Conducted a thorough impact analysis
• Enhanced internal mitigations and controls
• Notified affected business clients without delay

Improve Cyber Awareness – Explore our industry leading cyber awareness training platform and train your front line employees to mitigate such a scenario becoming reality in your organisation 

The attack highlights the need for ongoing cybersecurity awareness training:

• Educate staff to recognise phishing, vishing, and social engineering methods
• Encourage scepticism toward unexpected IT support requests

• Limit access to CRM and other cloud platforms
• Employ multi-factor authentication (MFA)
• Regularly review connected applications and user permissions

• Have a clear protocol for reporting suspicious activity
• Ensure rapid investigation and client notification procedures are in place

While Google’s breach did not expose payment or highly sensitive information, it demonstrates how quickly threat actors can compromise even the most secure environments by targeting employees directly. UK companies must treat cybersecurity as a holistic challenge – combining technology, policy, and awareness to defend against future attacks.

Stay one step ahead of cyber threats with DataFortified’s comprehensive cybersecurity services. We provide tailored solutions designed to protect UK SMBs from today’s complex digital risks. Our expert team combines advanced threat intelligence, continuous monitoring, and proactive incident response to safeguard your business around the clock.

DataFortified empowers your organisation to identify vulnerabilities before they are exploited, streamline your security operations, and ensure regulatory compliance. By partnering with us, you transition from reactive firefighting to strategic defence – reducing risk, saving costs, and maintaining business continuity.

Don’t leave your cybersecurity to chance. Contact DataFortified today to learn how our customised services can strengthen your security posture and protect your organisation’s future.

We’re here to help whenever you need us. To do so follow your preferred methos below:

Website Consultation Form: Book a Consultation

Email Us: Sales@datafortified.com