A threat actor is claiming to possess and sell a massive dataset allegedly stolen from SMSA Express, a major Saudi Arabian courier and logistics provider, exposing what they describe as more than 124 million shipment records containing sender and recipient information.
According to the forum listing, the purported dataset totals approximately 261 GB and contains 124,734,059 records. The actor claims each record includes information relating to both senders and recipients, potentially affecting individuals and businesses across SMSA’s international logistics network.
The claims remain unverified. BreachNews has not independently verified the authenticity of the data or confirmed that the records originated from SMSA Express.
SMSA Express is one of Saudi Arabia’s largest logistics and courier companies, providing domestic and international shipping, freight forwarding, customs clearance, healthcare logistics, e-commerce fulfillment, and mailroom management services across a network spanning more than 230 countries.
Listing claims shipment and customer information exposed
The threat actor claims the dataset contains detailed shipping and logistics information associated with more than 124 million shipment records.
According to the listing, the allegedly exposed information includes:
- Shipment tracking numbers
- Sender and recipient names
- Phone numbers
- Delivery addresses
- City and location information
- Package status data
- Shipment weights and piece counts
- Declared values and currencies
- Commodity descriptions
- Delivery and scan records
- Account-related identifiers
The actor claims the data covers both domestic and international shipments and includes records associated with businesses, healthcare organizations, retailers, financial institutions, and individual customers.
Actor alleges continued access to internal systems
The listing includes screenshots that purportedly show access to an internal SMSA management platform containing employee and operational administration functions.
Visible modules in the screenshots appear to reference employee management, user administration, operations, order management, tracking systems, and logistics-related functions. While the images may support the actor’s claim of internal access, they do not independently verify the authenticity of the alleged dataset or the scale of the claimed exposure.
The actor further claims they previously attempted to contact the company through internal systems but allegedly retained access after those messages were removed. BreachNews could not independently verify those assertions.
Logistics records can create significant privacy risks
If authentic, exposure of large-scale shipment data could create privacy and security concerns for both businesses and individuals. Logistics records frequently contain personal contact information, delivery addresses, purchasing information, and details about goods being transported.
Such information may also provide threat actors with insight into customer relationships, supply chains, business operations, and delivery patterns that could be leveraged in fraud, phishing, or social engineering campaigns.
The scale of the claimed dataset would make it one of the larger logistics-sector exposures reported in recent months if verified.
At the time of publication, SMSA Express had not issued any public statement regarding the alleged breach.
BreachNews will update this article if SMSA Express confirms an incident or provides additional information regarding the claims.
