In April 2026, data allegedly taken from CTT, Portugal's national postal service, was posted to a public hacking forum, affecting approximately 468,000 accounts.
What happened
According to Have I Been Pwned, in April 2026 data allegedly obtained from CTT — Portugal's national postal service — was posted publicly on a hacking forum. The incident was first reported by DarkWebInformer on social media and was added to HIBP on 19 May 2026.
What was exposed
The exposed data included email addresses, names, phone numbers, and parcel tracking numbers. According to HIBP, parcel tracking numbers could potentially be used to retrieve the tracking history of individual parcels.
Who is affected
Approximately 468,000 unique email addresses were included in the posted data, suggesting a similar number of CTT customers may be affected.
What to do now
If you have used CTT's services, be alert to phishing emails or suspicious calls that reference your name or parcel details. Consider changing your CTT account password and enabling two-factor authentication if available. Be cautious of unsolicited messages that reference your delivery history, as that information may now be in the hands of third parties.