Leak at Colis Privé
In November 2025, French parcel-delivery firm Colis Privé disclosed unauthorized access to part of its systems that exposed customer contact data — names, postal and email addresses and phone numbers. A threat actor advertised a dataset reportedly running to tens of millions of rows; no passwords or banking data were affected.
- Victim
- Colis Privé
On 21 November 2025, Colis Privé — a French last-mile parcel-delivery carrier — disclosed an incident involving "unauthorized and limited access" to certain data on part of its systems. The intrusion was confirmed in the days that followed and exposed the personal contact details of a large share of its customer base.
A threat actor operating under the name "DumpSec" advertised the stolen dataset on a cybercrime forum, with claims ranging from roughly 15 million personal records to a leaked file of around 25 million rows of customer and shipping data. The exact technical entry point was not publicly disclosed by the company.
The exposed data was limited to identification and delivery-related contact information:
- Surname and first name
- Postal address
- Email address
- Phone number
Colis Privé stated that no passwords, banking details or other financial data were affected. The company contained the incident and warned customers to be wary of delivery-themed phishing and scam messages (fake parcel-tracking SMS, fraudulent re-delivery requests), which the exposed contact data makes easier to target.
Sources
- zataz.comhttps://www.zataz.com/mondial-relay-et-colis-prive-alertent-sur-un-acces-non-autorise-aux-donnees-utilisateurs/
- usine-digitale.frhttps://www.usine-digitale.fr/article/cyberattaque-colis-prive-signale-un-acces-non-autorise-a-ses-systemes-ayant-expose-des-donnees-clients.N2241818
- journaldugeek.comhttps://www.journaldugeek.com/2025/11/24/colis-prive-victime-dune-fuite-de-donnees-majeure-des-millions-de-clients-sont-concernes/
- next.inkhttps://next.ink/210326/itineraire-dune-actu-colis-prive-et-sa-fuite-de-donnees/