CTT Data Breach Exposes 468K Portuguese Accounts

/HIGH
Written by SCW Research Research & Analysis
SCW data-breach
CTT Data Breach Exposes 468K Portuguese Accounts

In April 2026, data allegedly sourced from CTT, Portugal’s national postal service, surfaced on a public hacking forum. Have I Been Pwned reported that this breach impacts 468,124 unique email addresses.

The compromised dataset includes names, phone numbers, and parcel tracking numbers. Have I Been Pwned noted that these tracking numbers could be exploited to retrieve the complete tracking history of parcels, revealing sensitive logistical information.

This incident highlights the persistent risk to critical infrastructure. Even seemingly innocuous data like parcel tracking information can be weaponized for reconnaissance, social engineering, or to track individuals, underscoring the need for robust data protection across all operational layers.

What This Means For You

  • If your organization relies on CTT services, or if your employees are customers, assume their personal and shipment data is exposed. Advise staff to be vigilant against phishing attempts leveraging parcel tracking details. For security teams, assess your third-party risk with CTT and similar service providers.

πŸ›‘οΈ Detection Rules

3 rules Β· 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free β€” export to any SIEM format via the Intel Bot.

critical T1119 Collection

Free Tier - CTT Data Breach - Suspicious Data Exposure via Web Server

Sigma YAML β€” free preview

Source: Shimi's Cyber World Β· License & reuse

βœ“ Sigma Β· Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM β†’

Written by SCW Research

Take action on this incident
πŸ“‘ Monitor ctt.pt Free Β· 1 watchlist slot Β· instant alerts on new breaches πŸ” Threat intel on CTT All breaches, IOCs & vendor exposure