A threat actor has allegedly posted a claim on a dark web forum, stating that they have obtained and are selling a database belonging to Thailand Post. The post allegedly contains sensitive customer data, including names, phone numbers, email addresses, transaction records, and other personally identifiable information.
According to the forum post the database contains approximately 19 million records. The seller has provided a sample of the data, though they claim that many columns contain null values. The forum post states that while the dataset may not be fully populated with all information fields, it still holds a significant amount of customer data that could be exploited by malicious actors.
The threat actor has allegedly listed the stolen database for sale in CSV format and has claimed they are willing to provide the full dataset after a transaction is completed. They have also mentioned that the dataset includes information such as birth dates, addresses, membership details, and transaction histories.
