A major cybersecurity incident has allegedly struck Almarai, one of the largest food and beverage manufacturers in the Middle East. A threat actor has claimed to have breached the database of the Saudi-based multinational dairy company and has put the data up for sale online. Almarai, a publicly traded company on the Tadawul stock exchange with a reported revenue of over $5 billion in 2023, is a household name in Saudi Arabia and a critical part of the region’s food supply chain. The breach was announced on an online forum on June 16, 2025, with the seller claiming to possess live access to the company’s database.
The perpetrator of the alleged breach is offering the data for a single sale, suggesting the information is comprehensive and valuable. According to samples provided by the seller, the compromised database contains a vast amount of sensitive customer and corporate information. The potential exposure of this data could pose significant risks to Almarai’s customers, partners, and business operations, potentially leading to financial fraud, identity theft, and targeted corporate espionage.
The allegedly leaked data includes a wide array of sensitive details, such as:
- Full customer personal and contact information (Name, mobile, email, address)
- Detailed location data including GPS coordinates (latitude and longitude)
- Customer financial and credit information (Credit limit, credit days, payment mode)
- Commercial registration numbers and VAT registration details
- Business owner and shopkeeper names
- Internal route, depot, and service information
