Revolution Parts, an Arizona-based e-commerce platform specializing in automotive parts and accessories, suffered a cyberattack resulting in the exfiltration of sensitive customer data. Over 5.1 million customers had their personal information compromised, including full names, phone numbers, email addresses, IP addresses, home addresses, and device details. The breach likely originated from account setup pages and purchase forms, exposing users to risks such as targeted scams, identity profiling, and future fraud.The stolen data could enable threat actors to launch device-specific phishing attacks or targeted intrusions, particularly against automotive OEMs (Original Equipment Manufacturers) that rely on Revolution Parts’ services. Researchers also warned that attackers might be selling outdated information to mislead other cybercriminal groups, further complicating the threat landscape. The incident underscores the severe risks of large-scale customer data exposure in e-commerce platforms, where personal and device-level details can be weaponized for financial and operational exploitation.
Source: https://www.scworld.com/brief/over-5-1m-impacted-by-purported-revolution-parts-breach
RevolutionParts cybersecurity rating report: https://www.rankiteo.com/company/revolutionparts
"id": "REV0821208112425",
"linkid": "revolutionparts",
"type": "Cyber Attack",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '5.1 million',
'industry': 'Automotive Parts and Accessories',
'location': 'Arizona, USA',
'name': 'Revolution Parts',
'type': 'E-commerce Platform'}],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '5.1 million',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (Includes PII such as full '
'names, addresses, phone numbers, and '
'device details)',
'type_of_data_compromised': ['Personal Information',
'Device Information']},
'description': 'Arizona-based automotive parts and accessories e-commerce '
'platform Revolution Parts had data from more than 5.1 million '
'of its customers allegedly exfiltrated following a '
"cyberattack. The compromised data included clients' full "
'names, phone numbers, email addresses, IP addresses, home '
'addresses, and device details, reportedly obtained from '
'account setup pages and purchase forms. Threat actors could '
'use this information for targeted scams, identity profiling, '
'or future fraud. The data could also be leveraged for '
'targeted intrusions against automotive OEMs, though '
'researchers caution that the information might be outdated '
'and repackaged to deceive other threat operations.',
'impact': {'brand_reputation_impact': 'High (Potential loss of trust due to '
'exposure of sensitive customer data)',
'data_compromised': ['Full Names',
'Phone Numbers',
'Email Addresses',
'IP Addresses',
'Home Addresses',
'Device Details'],
'identity_theft_risk': 'High (Identity profiling and targeted '
'scams likely)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Likely (Stolen data may '
'be repackaged and sold)',
'high_value_targets': ['Automotive OEMs '
'(Potential)']},
'motivation': ['Financial Gain',
'Data Theft for Resale',
'Targeted Intrusions (Potential)',
'Fraud'],
'references': [{'source': 'Cybernews'}],
'title': 'Data Breach at Revolution Parts Affecting 5.1 Million Customers',
'type': 'Data Breach / Cyberattack'}