According to the Bangladesh Cyber Security Intelligence (BCSI) Threat Intelligence Platform, a significant data breach has been uncovered involving global brand Unilever. A threat actor has publicly claimed to possess personal information of approximately 4.1 million job applicants who applied to Unilever. Even more concerning, the actor also claims to have access to 28,856 user accounts associated with the job application system.
The leaked data reportedly includes sensitive personal information such as first names, last names, addresses, postal codes, phone numbers, and countries of residence. The database is currently being offered for sale on a Telegram channel for just $100, indicating the low cost at which sensitive personal data is being traded on the dark web.
Further investigation by BCSI revealed the possible motive behind the breach. The threat actor claims that this attack was carried out due to Unilever’s alleged connections with Israel. The actor justified the breach by linking it to the ongoing conflict in Palestine, accusing Unilever of supporting Israel, which has been criticized for human rights violations and breaking international laws during the conflict.
This breach not only underscores the risks that come with handling large volumes of personal data but also highlights how geopolitical conflicts can be leveraged by cybercriminals as a motive for their actions. BCSI advises all affected users to be vigilant and recommends Unilever take swift action to mitigate the impact of this data leak and secure its systems to prevent further exploitation.
