Toast Data Breach (2025)

"On August 26, 2025, Toast was made aware of a security issue in Salesloft’s Drift application, a third-party chat support tool that connects to Salesforce, Toast’s customer relationship management system. Upon learning of the issue, we disconnected the app and invalidated Drift’s tokens, preventing any further exposure through this channel. Further information from Salesloft indicated that a threat actor had compromised its systems and that the impact was widespread across its customer base. Toast simultaneously launched our own forensic investigation to understand the scope of the impact to our customers. Our investigation indicates that between August 12, 2025, and August 15, 2025, an actor used credentials stolen from Salesloft to run queries in a small number of tables within our Salesforce instance that contained limited customer information."