A significant trove of sensitive data, allegedly stolen from the Israeli construction company Edri Ltd, has been dumped on a notorious hacker forum, exposing a wide range of internal corporate and personal employee data.
The 8.5 GB data set was posted on DarkForums on October 18, 2025, by a user known as “CyberToufan02.” The leak, titled “Edri Ltd breach,” contains 4,307 files organized into 277 folders, and includes office documents, financial records, HR materials, legal paperwork, and complete mailbox archives.
The threat actor claimed in the post to have “gained access to internal systems and employee data,” though these claims have not been independently verified. The leaked materials did not contain any official background information on the company, which is identified by the web domain edriltd.co.il.
Highly Sensitive Personal and Corporate Data Exposed
Security analysts reviewing the leaked files have identified several items of extreme sensitivity, painting a grim picture of the breach’s depth.
Among the most critical files exposed are:
[email protected]: A full Outlook mailbox, potentially containing years of internal emails, attachments, and confidential correspondence.דרכון שמעון ריזי.pdf: A scanned passport, exposing the complete personal identity data of an individual.קובץ סטטוס תביעות ביטוח.xlsx: An insurance claim status file, which typically holds personal and financial information of claimants.תלוש שכר.docx: A payslip, a document containing an employee’s salary, identification details, and other private HR data.ערבות אישית נספח להסכם עם קבלן.docx: A contract annex detailing personal guarantees, exposing individuals to legal and financial risks.Maam874AccKeys1.ard: A file that appears to hold accounting or system access keys, which could be used by attackers to gain further access to corporate systems.
Hacker Claims and Widespread Implications
In the forum post, CyberToufan02 made broader claims than the 8.5 GB file set suggests. The actor boasted of leaking:
- 16 GB of company data, including employee details
- 1 GB of email archives
- Databases with client and project information
- Download links with passwords for public access
The presence of full mailbox archives is considered a significant threat, increasing both reputational and operational risks for the company.
Security experts are warning of severe consequences for both the company and individuals whose data was compromised.
For Individuals: The exposure of passports, payslips, and insurance data creates an immediate and high risk of identity theft, impersonation, and financial fraud. This data can be used for highly targeted phishing, social engineering, and even extortion.
For Edri Ltd: The company faces a multi-front crisis. The leak of financial records and mailboxes could lead to sophisticated business email compromise and invoice fraud. The exposure of legal documents and accounting keys opens the door to further intrusion, reputational damage, and potential regulatory penalties.
For the Supply Chain: The actor’s claim of leaking client and supplier data poses a significant supply chain risk. Partners and subcontractors of Edri Ltd may now face targeted phishing or invoice scams, as attackers could use the leaked correspondence and contact data to create convincing fraudulent requests.
