The CTT data breach exposed 468,124 records including Email addresses, Names, Phone numbers. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.
What Happened
In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve the tracking history of the parcel.
- Breach date
- 2026-04-26
- Records affected
- 468,124
- Verified
- Yes
- Domain
- ctt.pt
What Was Exposed
The following data types were included in the breach:
- Email addresses
- Names
- Phone numbers
What You Should Do
If you had an account with CTT, take these steps immediately:
- Check if your account was affected at HaveIBeenPwned.com
- Watch for phishing emails that reference the breach or impersonate the affected company
- Be alert for social engineering attempts using your exposed personal information
- Enable two-factor authentication on the affected service if available
- Consider using a password manager to generate unique passwords for each service
FAQ
Was my data in the CTT breach?
What should I do if my data was exposed in the CTT breach?
When did the CTT data breach happen?
Need Incident Response?
Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.
Get Incident Response Help