Ransomware group TridentLocker has claimed responsibility for a breach affecting bpost, Belgium’s national postal and parcel operator. The group said it leaked about 30 GB of data and published more than 5,000 files on its site. According to the company, the incident involved a third-party software platform used by an internal department that does not manage letter processing or parcel delivery. bpost said the affected environment was isolated from core logistics systems and that operational services were not disrupted.
bpost reported that it moved quickly to secure the compromised system. The organisation introduced additional security controls and engaged external cybersecurity specialists to support the investigation. It said it is working with relevant authorities and will notify individuals whose information may have been exposed. At this stage, it remains unclear whether the leaked files include sensitive personal data, business documentation or internal administrative records. The company said its review of the leaked material is on
TridentLocker is a relatively new ransomware group that has claimed several attacks across different sectors. The group typically publishes data when victims do not meet ransom demands. Analysts said the public release of the files suggests that bpost may not have complied with any request from the group, although the company has not commented on the nature of any communication with the attackers.
Security analysts warned that data linked to national postal and logistics operators can be valuable to criminal groups. Contact information, internal references or service-related records could be used for phishing or impersonation attempts. They advised customers who have recently interacted with bpost to remain alert to unsolicited messages requesting personal or financial information. Analysts said attackers often use partial data to craft convincing communication.
Authorities are now examining how the breach occurred. Investigators are reviewing logs from the third-party platform to determine the initial point of access and whether any vulnerability was exploited. They said the incident highlights the risks associated with external software systems connected to large public service organisations. Law enforcement agencies continue to assess whether additional steps are required to prevent similar breaches.
bpost said delivery operations remain uninterrupted. The organisation stated that it will provide updates as the investigation progresses and as the assessment of the leaked data becomes more complete.