A threat actor has allegedly breached the Ports, Customs and Free Zone Corporation (PCFC), a critical government authority based in Dubai, United Arab Emirates. The PCFC is a cornerstone of the emirate’s economy, responsible for integrating and overseeing trade, logistics, customs, and free zone activities, including major entities like Dubai Customs and the Jebel Ali Free Zone (JAFZA). According to a post on a dark web forum, the cybercriminal claims to have exfiltrated 1.94 TB of data from the corporation’s Security Department during September 2025 and is offering it for sale for $50,000.
The scale of the alleged breach is substantial, reportedly involving over 13 million files. The threat actor provided a detailed list of the types of sensitive information contained within the stolen dataset, which poses a significant risk to individuals and businesses associated with the PCFC. The contents allegedly include a vast amount of Personally Identifiable Information (PII) and official documentation. The specific data types listed for sale are:
- PII: Pass Reference No, Port, Entry Gate, Pass Type, Pass Duration, Purpose of Visit, Date of Visit, Status, Visit Reason, Title, First Name, Last Name, Nationality, Mobile Phone, Email, Date of Birth, Designation, Visa Type, Company Name, Vehicle Type, Vehicle Number, Driving License No
- Entry Pass for Entry Permit (For Individual) – PDF files
- Payment Receipt – PDF files
- Scanned Documents: Driving License, Emirates ID Cards, face images, Visas, Passports, Trade Licenses, Safety Induction Documents, and other supporting business documents.
