A dark web user has claimed a significant breach targeting an Australian courier services company, BHF Couriers. The BHF Couriers data breach, attributed to a threat actor known as Okhotnik, purportedly resulted in the exfiltration of a vast trove of data from the company’s systems.
According to a post on BreachForums dated April 10, 2024, Okhotnik asserted responsibility for infiltrating BHF Couriers’ infrastructure and subsequently extracting a substantial database.
The leaked dataset, reportedly comprising 19.2 million records, encompasses a wide array of information including invoices, order details, addresses, credit card particulars, and contact numbers.
Okhotnik substantiated these claims by providing a list of files purportedly sourced from the BHF Couriers data leak. However, BHF Couriers has refuted these claims, stating the data is from 2009.
BHF Couriers Data Breach Claims Vs Response

The ramifications of such an incident extend beyond BHF Couriers itself, potentially affecting clients, users, and stakeholders. The leaked records allegedly originate from BHF Couriers Express Pty Ltd. Okhotnik, who currently holds an MVP position on BreachForums, claims to have access to 12GB of data, compressed to 1.1GB in .csv format.
The Cyber Express has reached out to the organization to learn more about this alleged BHF Couriers data leak and any mitigation strategies. In response, the organization stated that the claimed data is from the last two decades and that all other information is protected.
“The Data breach reported in the media was a breach of very old data from 2009 and the credit card information was all encrypted, hence the reason for the very low ransom. This has been reported to authority and has no interference with our current website”, stated a spokesperson for BHF Couriers.
Moreover, an analysis of the sample data shared by the threat actor reveals the scale and intricacy of the purported breach. The dataset, comprising multiple files totaling over 10GB in size, offers a glimpse into the extensive nature of the compromised information.
Analyzing the Sample Data
Detailed breakdowns provided by Okhotnik shed light on the composition of the dataset, with individual files housing diverse sets of records related to various aspects of BHF Couriers’ operations. Among the enumerated files, “afra_icr.csv,” “courier.csv,” and “bhf_construction.csv” stand out, each containing a large volume of data integral to the company’s functioning.
Additionally, the detailed record attributed to “TW Global Products” within the “bhf-dev.csv” file highlights the granularity of information potentially exposed by the BHF Couriers data breach. However, it is imperative to exercise caution in accepting these dark web claims at face value, given the update shared by the organization.
The speculative nature of the alleged breach requires a thorough investigation to validate the extent of the incident and mitigate potential repercussions. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged breach or any further information from the organization.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.