Ukrainian internet service provider “Express” (express.net.ua) has allegedly become the victim of a significant data breach. A threat actor has posted a database containing what is claimed to be sensitive information of nearly 390,000 users for sale on a dark web forum. Express is a regional telecommunications company that provides home and business internet services across various parts of Ukraine, including the Zaporizhzhia region. The breach could impact a substantial number of the company’s customers, exposing their personal and financial information.
The threat actor claims the dump contains a total of 388,607 lines of user, payment, and operational data extracted from the company’s servers. The sale post details multiple CSV files, suggesting a comprehensive exfiltration of the provider’s records. Samples of the data appear to corroborate the claims, revealing a wide range of sensitive information.
The allegedly leaked data includes:
- User Information: Full names, passwords, phone numbers, and internal account details.
- Payment and Financial Data: Detailed payment records from various services, including transaction IDs and, in some cases, customer names and addresses embedded in XML data.
- Service Requests and Memos: Customer service requests which include user addresses, connection and disconnection dates, and internal staff comments.
- New User Applications: Information from new user applications containing names, phone numbers, and street addresses.
- Administrative Data: The actor also claims to have admin logins and password hashes.
![[Updated]Austrian Crypto Giant Bitpanda Allegedly Breached – 5.4 Million User Data for Sale](https://dailydarkweb.net/wp-content/uploads/2025/06/bitpanda-350x250.webp)
