Incident Overview

A threat actor operating under the handle "daghetiaw" claims to have breached PCComponentes, a Spanish company specialized in selling computer hardware and electronics. According to the post, PCComponentes has been active since 2005, is based in Alhama de Murcia, Spain, and ships to customers throughout Spain as well as internationally. The threat actor states the database contains more than 16,384,110 registered individuals.

The claimed data includes NIF (Spanish tax identification numbers), orders placed, invoices, address information including tracking numbers, postal codes, first names, last names, and phone numbers. The post also mentions Zendesk tickets with messages sent during customer support interactions. Additionally, the threat actor claims access to banking information such as credit card types, expiration dates, and other details, as well as wishlists, customer IP addresses, person's rank among purchasers, and various other statistics. The seller is offering 500,000 records for free, accepting escrow on BreachForums, and providing sample data via nopaste.net and sample PDF invoices via ibb.co.