Update: Salesforce Drift App Breach Expands to Toast, Inc.

On August 28, 2025, Salesforce, the world’s largest CRM platform, issued a notice that the Drift App, an application available on Salesforce’s AppExchange, experienced a significant data breach. While the Drift App was a third-party application (published by Salesloft), the breach involved unauthorized access to Salesforce customer data.

The scope of the breach has since expanded. Most recently Toast, Inc., the point-of-sale payment processing, payroll and software services company (relied heavily upon in the restaurant industry) has had its data systems compromised.

Toast has announced that it suspects that the following data types have been compromised: (1) Name, Email, Business Address; (2) correspondence with Customer Service (hardware lease data; pricing and rate inquiries, technical support data, billing documents, case numbers and additional data Toast customers shared with Toast); and (3) metadata on Toast sales and marketing. The full scope of the breach is presently unknown.

Post-breach obligations by businesses using Toast can be significant. If customer data is compromised, several jurisdictions require individual customer notices and disclosures or face significant fines and regulatory action. Other jurisdictions require self-reporting to the relevant regulator, with increasing fines associated with delayed action. Insurance companies may require notice and consent to response efforts, before paying coverage.

If you believe your organization has been impacted by the Toast, Inc., data breach, Brown Rudnick’s Cybersecurity and Data Breach Response Team can advise you on next steps. Please contact Matthew Richardson, Morgan Jones, Rodger D. Moss, Jr., or Daniel Healy, or call 1 (800) 281-8763. Our dedicated cyber breach team will respond within 15 minutes, 24/7.