Ransomware victim disclosure
← All victimsUPS
Claimed by Shinyhunters · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Group
- Shinyhunters
- Status
- Data leaked
- Country
- United States
- Sector
- Transportation/Logistics
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileUnited Parcel Service (UPS) is an American multinational logistics and courier delivery company headquartered in Atlanta, Georgia. Founded in 1907, UPS operates a global network spanning 220+ countries and territories, delivering over 20 million packages daily. The company also provides freight forwarding, supply chain management, and related logistics solutions.
- Industry
- Logistics & Courier Delivery Services
- Address
- 55 Glenlake Parkway NE, Atlanta, Georgia 30328, United States
- Employees
- 500000+
- Founded
- 1907
Attack summary
Severity: medium — Status is listed as data_published by a known prolific exfiltration group (ShinyHunters), which elevates severity above low, but the leak post contains no specifics about data type, volume, or proof files, preventing a higher classification. Given UPS's scale, any confirmed exfiltration would likely affect PII at scale, but evidence here is insufficient to confirm critical.ShinyHunters claims a data publication event against UPS; the post does not specify whether encryption or exfiltration occurred, and no data volume or specific dataset contents are described in the disclosed post.
Original description
AI-summarised, not from the leak postUnited Parcel Service (UPS) is an American multinational company that specializes in logistics, courier delivery services, and supply chain management solutions. Founded in 1907, it's headquartered in Atlanta, Georgia. With a global network, UPS delivers over 20 million packages daily to 220+ countries and territories worldwide. It also offers services like freight forwarding and supply chain designing.
Sources
- Leak posthttps://breachforums.hn//ups.html
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

