CTT Data Breach Exposes 468K Customer Records on Hacking Forum
Last month, a significant data breach involving CTT, Portugal’s national postal service, came to light after stolen records surfaced on a hacking forum. The compromised dataset included 468,000 unique email addresses, along with customers’ names, phone numbers, and parcel tracking numbers.
Analysis revealed that 55% of the exposed email addresses were already linked to LinkedIn profiles, increasing the risk of targeted phishing or social engineering attacks. The breach highlights vulnerabilities in handling sensitive customer data, particularly in logistics and delivery services where tracking information is frequently shared.
No official statement from CTT regarding the incident’s cause or timeline has been released. The exposure of parcel tracking details could enable malicious actors to intercept or manipulate shipments, posing additional operational and security risks for affected individuals. The incident underscores the growing threat of data leaks in critical infrastructure sectors.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7462300309231603712
CTT - Correios de Portugal cybersecurity rating report: https://www.rankiteo.com/company/ctt-correios-de-portugal-s-a
"id": "CTT1779157559",
"linkid": "ctt-correios-de-portugal-s-a",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '468,000',
'industry': 'Logistics and Delivery',
'location': 'Portugal',
'name': 'CTT',
'type': 'National Postal Service'}],
'data_breach': {'data_exfiltration': 'Yes (data surfaced on a hacking forum)',
'number_of_records_exposed': '468,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information and tracking details)',
'type_of_data_compromised': ['Email addresses',
'Names',
'Phone numbers',
'Parcel tracking numbers']},
'description': 'A significant data breach involving CTT, Portugal’s national '
'postal service, came to light after stolen records surfaced '
'on a hacking forum. The compromised dataset included 468,000 '
'unique email addresses, along with customers’ names, phone '
'numbers, and parcel tracking numbers. The breach highlights '
'vulnerabilities in handling sensitive customer data, '
'particularly in logistics and delivery services where '
'tracking information is frequently shared. The exposure of '
'parcel tracking details could enable malicious actors to '
'intercept or manipulate shipments.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure',
'data_compromised': '468,000 unique email addresses, names, phone '
'numbers, parcel tracking numbers',
'identity_theft_risk': 'Increased risk of targeted phishing or '
'social engineering attacks',
'operational_impact': 'Risk of shipment interception or '
'manipulation'},
'references': [{'source': 'Hacking Forum'}],
'title': 'CTT Data Breach Exposes 468K Customer Records on Hacking Forum',
'type': 'Data Breach'}