What data was allegedly breached?

The threat actor claims the database contains approximately 1.5 million records across two SQL files totaling 4 GB. The data reportedly includes customer emails, phone numbers, MD5 password hashes, full names, shipping addresses, passport numbers, tax IDs, and bank ID tokens from the NBU souvenir coin sales service.

Data Breaches

Alleged Data Breach of the National Bank of Ukraine Souvenir Coin Service Exposes 1.5 Million Records

Q: What organization was affected?

The alleged victim is the National Bank of Ukraine's souvenir collectible coin sales service operating at coins.bank.gov.ua.

, and Dark Web Informer

February 19, 2026 . 5:01 PM

7 min read

Quick Facts

Date & Time 2026-02-19 06:36:41 UTC

Threat Actor cyandiboo

Victim Country Ukraine

Ukraine

Industry Banking / Government

Victim Organization National Bank of Ukraine (NBU)

Victim Site coins.bank.gov.ua

Category Data Breach

Severity High

Network Open Web

Total Records ~1.5 Million

Incident Overview

A threat actor using the handle cyandiboo posted a listing on DarkForums claiming to be selling a database from the National Bank of Ukraine's souvenir collectible coin sales service at coins.bank.gov.ua. The dataset is described as a 4 GB SQL dump updated in 2026 containing approximately 1.5 million total records across two files: a customers table with around 270,000 records including emails, phone numbers, and MD5 password hashes, and an orders table with approximately 1.2 million records containing full names, shipping addresses, phone numbers, and emails. Sample data columns visible in the listing also reference customers_inn (tax identification numbers), customers_passport, and bank_id_token fields.