TridentLocker claims data breach at bpost, over 30GB out in the open

Published: 3 December 2025
Last updated: 3 December 2025
box-with-bpost-logo

A ransomware operation called TridentLocker has managed to lay its hands on data belonging to the Belgian postal and package delivery service bpost.

According to TridentLocker’s .onion page on the dark web, the ransomware group has stolen 5,140 files, with a total size of 30.46GB. It’s unclear what kind of information has been exfiltrated, but it might include personal information of clients.

The information obtained can be fully downloaded, which may indicate that bpost has refused to pay ransom.

ADVERTISEMENT

Tweakers.net first discovered the bpost data breach. However, the Dutch tech website couldn’t verify the authenticity of the files. The Belgian postal service wasn’t available for comment at the time of discovery.

A spokesperson of bpost confirmed to Belgian news outlet DataNews that a data breach did recently occur and involved a “limited amount of data” originating from a third-party software platform.

limited-amount-of-data
Image by Cybernews.

“A cyber incident has indeed occurred at bpost, more specifically within a department not linked to letters or parcels that works via an exchange platform managed by a supplier. We confirm a limited data breach involving personal and business information of some customers of the department,” the company told DataNews in a statement.

The spokesperson continued by saying that security measures have been taken to contain the data breach and that the company’s security teams have implemented “corrective processes” to minimize the impact of the incident. Bpost’s daily operations aren’t affected in any way.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

“We are working with cybersecurity experts who are leading the investigation. In addition, we have informed the relevant authorities and are cooperating fully with them. Those affected will be informed promptly,” the company added.

TridentLocker is a relatively new threat actor. According to their leak page, as well as ransomware tracking pages, they claim to be responsible for cyberattacks on numerous companies, including GuestTek, Advantage 360, EnQuest, and Calmec.

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT