JCB India, a leading manufacturer of earthmoving and construction equipment, has allegedly been compromised by a threat actor claiming to possess a significant database of user information. The actor has listed a database purportedly containing 500,000 rows of data for public sale on a cybercrime forum. According to the post, the data was “exported” from the company’s systems and is being offered for a price of $300. The leak appears to stem from a CRM or sales database, potentially a Salesforce instance, given the specific field names present in the sample.
According to the actor, the dataset contains over 375,000 unique mobile numbers and over 140,000 unique email addresses. The allegedly compromised data includes:
-
Full names and salutations
-
Physical addresses (Mailing street, city, state, and pincodes)
-
Contact details (Mobile numbers, phone numbers, and fax numbers)
-
Email addresses (Personal and work)
-
Dates of birth
-
PAN (Permanent Account Number) and GST numbers
-
Account and dealer information
-
Equipment ownership details (Machine models, fleet sizes)
-
Internal Salesforce IDs and lead source data












