A threat actor claims to have breached and stolen data from Envía, a major Colombian logistics company operated by Colvanes SAS. Envía is a prominent logistics and courier service specializing in freight transport and e-commerce solutions, with operations across more than 1,400 destinations.
The threat actor is offering a large database for sale, allegedly exfiltrated from the company’s systems. The provided proof includes screenshots of internal databases and application backends, suggesting access to sensitive operational and customer information.
According to the actor, the breach involves over 500GB of data, totaling more than 140 million data points. The allegedly compromised data includes:
- Full names of individuals and customers
- Addresses
- Contact numbers
- Personal and corporate identification documents
