On or about October 2025, Discord reported a significant cybersecurity incident (the “Data Breach”) to the California Attorney General’s Office. The breach occurred when a third-party vendor, 5CA, managing Discord’s customer support system was compromised. Hackers claimed to have stolen 1.5 TB of data, including sensitive user information. Discord confirmed that approximately 70,000 individuals were affected.
Discord is a San Francisco, California company which provides a voice, video, and text communication platform, primarily targeted at video gamers, with over two hundred million users, that was first released in May 2015. Discord has approximately 3,800 employees with $1.1 billion in revenue in 2024.
Discord has notified impacted users and is investigating the event, engaging law enforcement and third-party forensic specialists to determine the scope of the breach. If you received a Data Breach notification letter from Discord, it confirms that your information was potentially compromised.
What information is involved in the Discord Data Breach?
Compromised information may include:
Name
Discord Username
Email and Other Contact Details
Limited Billing Information (Payment type, the last four digits of your credit card, and purchase history if associated with your account.)
IP Addresses
Messages With Customer Service Agents
Limited Corporate Data (Training materials, internal presentations.)
Government-ID Images
Your Personally Identifiable Information (PII) includes details that can be used to identify you. It plays a key role in defining your identity. Organizations are legally obligated to safeguard this data, and failure to do so can result in statutory fines and other legal consequences. If PII is stolen, it may be exploited by criminals to commit identity fraud.
A specific category of PII is Protected Health Information (PHI), which pertains to personal medical data. PHI is safeguarded under both federal and state regulations. Entities such as healthcare providers and businesses that manage PHI must ensure its security. Just like PII, compromised PHI can be misused by identity thieves, and it’s common for cybercriminals to use both types of information together.
If your data has been exposed in a breach, one of the most effective steps you can take is to enroll in credit and identity monitoring services promptly.
If you received a NOTICE OF DATA BREACH letter from Discord, and you are a resident of California, your personal, financial, and/or medical information may be at risk. This type of data can be exploited by identity thieves to commit fraud and other crimes.