A threat actor has claimed responsibility for an alleged breach involving Reltio, a U.S.-based cloud-native Master Data Management (MDM) platform used by enterprise organizations to centralize and manage customer data.
According to a forum post published on May 20, the actor claims to have obtained a 2022 customer database backup containing approximately 879,914 records allegedly tied to Reltio environments. The dataset was advertised as containing customer identity information, contact details, loyalty program data, and fields referencing medical and recreational status indicators.
The post was published by the same threat actor previously linked to alleged breaches involving VentureYours, Peet’s Coffee, and ReferralRock. :contentReference[oaicite:0]{index=0}
Medical and loyalty data allegedly included in leak
The threat actor claimed the leaked archive contains approximately 1.65 GB of CSV data allegedly extracted from a Reltio customer backup dating back to 2022.
According to the post, exposed fields allegedly include:
- Full names
- Dates of birth
- Email addresses
- Phone numbers
- Home addresses
- Postal codes
- Gender identifiers
- Loyalty balances and spending totals
- Internal customer IDs
- Medical and recreational usage flags
The actor also published sample CSV records allegedly showing customer contact details, location data, loyalty program information, and records containing references to medical marijuana program identifiers.
BreachNews is not reproducing the exposed records due to the sensitive nature of the alleged data.
Claim centers on 2022 backup archive
The forum post specifically claims the alleged breach involved a backup from 2022 rather than current production systems. The actor described the incident as a “full compromise” of a customer database backup tied to Reltio’s cloud-native MDM platform.
Reltio provides enterprise data management and customer identity solutions used across healthcare, retail, and financial services environments to centralize operational and customer information.
Because MDM platforms often aggregate data from multiple downstream systems, breaches involving centralized customer datasets can create elevated privacy and compliance risks depending on the information stored by clients.
At time of publication, Reltio had not issued any public statement regarding the claims.
BreachNews has not independently verified the authenticity of the alleged dataset or confirmed whether Reltio systems were compromised.
