Cyber Incident Victim: Nova Poshta
Date: Feb 2018
Location: Ukraine
Summary
A major Ukrainian private delivery firm experienced a significant data breach, with personal information from hundreds of thousands of clients allegedly leaked to the dark web. Two databases were reportedly offered for sale: one containing 500,000 records with full names, phone numbers, cities of residence, passport details, and email addresses, and another with 18 million entries listing only names and contact numbers. The seller sought approximately $55 for the more comprehensive dataset. The incident exposed sensitive client details, potentially affecting millions of individuals served by the company.
Description
In early February 2018, Ukraine's largest private delivery firm Nova Poshta faced allegations of a significant data breach involving client information. A seller on the dark web offered two distinct databases purportedly containing Nova Poshta customer records. The first database contained 500,000 records with comprehensive personal details including full names, phone numbers, cities of residence, passport information, and email addresses. The second database held a substantially larger set of 18 million records, though these contained less detailed information limited to names and phone numbers. The seller priced the 500,000-record database at 1,500 Ukrainian hryvnia (approximately $55 USD), actively marketing these datasets to potential buyers on underground platforms. Security researcher Kostiantyn Tsentsura publicly reported this alleged leak on February 7, 2018, bringing the incident to wider attention through media coverage in outlets including KyivPost. The breach represented one of Ukraine's largest potential data exposures at the time given Nova Poshta's market position as the country's dominant parcel delivery service.

The exposure of sensitive personal identifiers created substantial risks for affected individuals, particularly through the 500,000-record dataset containing passport details—critical information for identity verification in financial and legal contexts. This comprehensive personal information could facilitate identity theft, financial fraud, and targeted phishing campaigns against victims. While the 18-million-record database contained less detailed information, the sheer volume increased risks of mass spam operations and social engineering attempts. The incident threatened Nova Poshta's reputation as a custodian of sensitive client data, though the company's official response or containment measures weren't detailed in available reports. The dark web sale demonstrated active criminal interest in monetizing stolen delivery service records, with pricing structures indicating perceived value based on data comprehensiveness. No verifiable claims emerged regarding actual misuse of the data or confirmed acquisition by malicious actors beyond the initial sales listing.
