What data was compromised in the Mondial Relay breach?

The breach allegedly exposed 25.7 million rows of customer data including names, addresses, phone numbers, email addresses, delivery dates, package tracking information, and secure PINs used for package pickup authentication.

When did the Mondial Relay and Colis Privé breach occur?

The threat actor claims the breach occurred around November 22, 2025, when they gained unauthorized access to the company's professional portal.

Who is responsible for the Mondial Relay data breach?

The threat actor DumpSec claims responsibility for the breach and is offering the database for sale on underground forums using cryptocurrency payment.

How many customers are affected by the Colis Privé breach?

The breach affects millions of customers across France and Europe, with approximately 25.7 million rows of data compromised across three service tiers: Private Relay Parcel (15M rows), Private Direct Delivery (8M rows), and Private Home Premium (2.7M rows).

What should I do if I'm a Mondial Relay customer?

Monitor your accounts for suspicious activity, be cautious of phishing emails claiming to be from delivery services, change your package pickup PINs if possible, watch for unusual delivery-related communications requesting personal information, and consider placing fraud alerts on your credit reports.

What type of data breach is this?

This is a logistics and customer database breach affecting parcel delivery services. The compromised data includes personally identifiable information (PII), delivery records, contact details, and authentication credentials for package pickup.

Is Mondial Relay still safe to use after this breach?

While the breach claim has not been independently verified, customers should exercise caution, use strong unique PINs for package pickups, monitor for suspicious communications, and stay alert for official statements from Mondial Relay regarding security measures.

Alleged data breach of Mondial Relay & Colis Privé

API Access for Researchers & Security Teams

SOC teams, researchers, and security professionals can integrate Dark Web Informer's threat intelligence directly into their workflows via API. Access real-time breach data, threat feeds, and monitoring capabilities programmatically.

Learn About API Access

Disclaimer

This breach alert includes material that may contain personally identifiable information (PII) gathered strictly from publicly available sources. All information is provided solely for cybersecurity awareness and threat intelligence purposes.

Quick Facts

Date and Time of Alert

2025-12-26 21:44:35 UTC

Threat Actor

DumpSec

Victim Country

France

Industry

Transportation & Logistics

Victim Org.

Mondial Relay & Colis Privé

Victim Site

mondialrelay.fr

Incident Overview

The threat actor "DumpSec" claims to have compromised Mondial Relay and Colis Privé, two major parcel delivery and logistics providers operating in France and across Europe. The alleged breach involves the extraction of approximately 25.7 million rows of sensitive customer and shipment data from multiple service tiers.

Mondial Relay is a well-established parcel delivery platform operating throughout Europe, providing package delivery services through a network of pickup and drop-off points. Colis Privé is a private parcel delivery service that handles last-mile delivery for e-commerce businesses and consumers.

According to the threat actor's post dated December 26, 2025, the compromised data encompasses three distinct service categories with the following breakdown:

Private Relay Parcel: Approximately 15 million rows of data
Private Direct Delivery Parcel: Approximately 8 million rows of data
Private Home Premium Parcel: Approximately 2.7 million rows of data
Total Dataset: 25.7 million rows of customer and shipment information

The threat actor indicates the breach occurred around November 22, 2025, when they successfully gained unauthorized access to the company's professional portal. Screenshots provided show access to the Colis Privé database system with extensive customer and delivery information.

The exposed data fields allegedly include:

Customer Information: Names, addresses, postal codes, cities, countries, phone numbers, email addresses
Sender Details: Sender names, addresses, postal codes, cities, countries, phone numbers, email numbers
Recipient Information: Recipient names, complete delivery addresses, cities, countries, phone numbers, email addresses
Package Details: Package numbers, customer references, product codes, service types
Delivery Information: Creation dates, pickup dates, delivery dates, status codes, delivery messages, comments
Financial Data: Amounts, secure PINs for package access

This breach poses significant privacy and security risks to millions of customers across France and Europe, potentially exposing:

Detailed shipping and delivery patterns revealing consumer behavior
Complete personal contact information for both senders and recipients
Residential and business addresses linked to specific individuals
Secure PINs used for package pickup authentication
E-commerce transaction details and purchasing patterns
Potential exposure to targeted phishing and social engineering attacks
Physical security risks from address disclosure

The threat actor is offering the database for sale and requesting offers via direct message using cryptocurrency payment only. The breach affects a major logistics infrastructure provider serving millions of European consumers and businesses, potentially impacting supply chain security and customer privacy across multiple countries.