Threat Actor Claims Cabify Driver Data Breach Affecting 430,000 Records
Published on November 17, 2025
Key Takeaways
- Threat actor claims: An individual claims to be selling a database allegedly stolen from transportation company Cabify.
- Scope of breach: The dataset reportedly contains sensitive information on more than 430,000 drivers in Spain
- Data exposed: The compromised information reportedly includes full names, IDs, driver's license details, and more.
A threat actor using the alias Perro has claimed responsibility for an alleged Cabify data breach, offering a database for sale that allegedly contains the personal information of over 430,000 drivers of the ridesharing service in Spain.
The claim, observed on November 15, 2025, is currently pending verification but represents a potentially serious incident of transportation sector cybercrime.
Details of the Reported Driver Data Leak
According to the threat actor's post, the database for sale contains a wide range of personally identifiable information (PII). The compromised driver data leak reportedly includes lots of sensitive data.
The data breach is said to contain:
- full names,
- email addresses,
- usernames,
- national identity card numbers,
- driver's license data with specific issuance and expiration dates,
- phone numbers,
- full residential addresses,
- associated Facebook account IDs.
The transportation industry remains a high-value target for cybercriminals due to the vast amounts of personal and operational data it handles. Spain's first Unicorn company, founded in 2011, currently also operates in Latin America.
The Perro Database Sale and Its Implications
The Perro database sale highlights how cybercrime actors specifically target large repositories of user data for financial gain. The claims are still being investigated, but the potential scale of this breach serves as a critical reminder of the importance of robust data protection measures.
Organizations that manage sensitive driver and customer information must continuously fortify their defenses against unauthorized access and data exfiltration to mitigate the risks of such damaging security events.
In June 2024, the ID verification service used by Uber, TikTok, and X leaked sensitive user data, and ride-hailing giant Uber faced a €290 million fine over GDPR violations a few months later.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular