Hallmark Data Breach Exposes 1.7 Million Customer Records
In a recent cybersecurity incident, greeting card giant Hallmark confirmed a data breach that occurred in March, with attackers gaining access to its Salesforce environment. The stolen data published this week includes 1.7 million unique email addresses, along with names, phone numbers, physical addresses, and customer support ticket details.
Analysis of the exposed records reveals that 82% of the affected email addresses were already linked to LinkedIn profiles, suggesting potential overlap with professional networks. The breach highlights vulnerabilities in third-party integrations, as attackers exploited access to Salesforce, a widely used customer relationship management (CRM) platform.
The incident underscores the risks of storing sensitive customer data in cloud-based systems and the growing trend of attackers targeting enterprise software to extract large-scale datasets. No financial or payment information was reported as compromised, but the exposure of personal details raises concerns about phishing and identity-related fraud. The full impact of the breach remains under investigation.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7448918395984707584
Salesforce cybersecurity rating report: https://www.rankiteo.com/company/salesforce
Hallmark Cards cybersecurity rating report: https://www.rankiteo.com/company/hallmark-cards
"id": "SALHAL1775967850",
"linkid": "salesforce, hallmark-cards",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1.7 million',
'industry': 'Greeting Cards, Gifts',
'name': 'Hallmark',
'type': 'Corporation'}],
'attack_vector': 'Third-party integration exploitation',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '1.7 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': ['Email addresses',
'Names',
'Phone numbers',
'Physical addresses',
'Customer support ticket '
'details']},
'description': 'In a recent cybersecurity incident, greeting card giant '
'Hallmark confirmed a data breach that occurred in March, with '
'attackers gaining access to its Salesforce environment. The '
'stolen data published this week includes 1.7 million unique '
'email addresses, along with names, phone numbers, physical '
'addresses, and customer support ticket details. The breach '
'highlights vulnerabilities in third-party integrations, as '
'attackers exploited access to Salesforce, a widely used '
'customer relationship management (CRM) platform. The incident '
'underscores the risks of storing sensitive customer data in '
'cloud-based systems and the growing trend of attackers '
'targeting enterprise software to extract large-scale '
'datasets. No financial or payment information was reported as '
'compromised, but the exposure of personal details raises '
'concerns about phishing and identity-related fraud.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of customer data',
'data_compromised': '1.7 million unique email addresses, names, '
'phone numbers, physical addresses, customer '
'support ticket details',
'identity_theft_risk': 'High (phishing and identity-related fraud '
'concerns)',
'payment_information_risk': 'None reported',
'systems_affected': 'Salesforce CRM'},
'investigation_status': 'Under investigation',
'lessons_learned': 'Risks of storing sensitive customer data in cloud-based '
'systems and vulnerabilities in third-party integrations.',
'post_incident_analysis': {'root_causes': 'Exploitation of Salesforce '
'environment access'},
'title': 'Hallmark Data Breach Exposes 1.7 Million Customer Records',
'type': 'Data Breach',
'vulnerability_exploited': 'Salesforce environment access'}