Yalidine El Djazair Service SPA, one of the largest private express postal and logistics companies in Algeria, has allegedly been compromised. The company, which holds a significant share of the domestic e-commerce market and manages an extensive network of agencies across the country, is the subject of a new data sale listing on a cybercrime forum. The threat actor is offering a 123 GB archive of internal documents for $8,000, claiming the data is “completely fresh and active” with records dating into 2025.
The allegedly compromised data includes a vast array of sensitive internal records. According to the listing, the archive contains:
-
Administrative and Legal Documents: Agency premises lease contracts, trade registries, tax identification numbers (NIF), and statistical identification numbers (NIS).
-
Human Resources (HR) Records: Full access to employee and driver information, including employment contracts with full names, addresses, phone numbers, and signatures.
-
Financial Documents: Electricity and gas invoices, daily financial bulletins (BRQ) for months in 2025, agency cash flow reports, and financial correction reports.
-
Customer and Shipment Data: Thousands of shipment forms containing names, phone numbers, exact addresses, package contents, and item values.
-
Proof of Delivery: Delivery labels and proof of delivery (POD) documents featuring signatures, stamps, and occasionally copies of national ID cards (CNI).
-
Operational Forms: Parcel collection slips and scans of handwritten labels.
