-
A threat actor named “kuna” is selling a stolen database packed with financial, social, and family details belonging to approximately 300,000 Belgian citizens on underground criminal forums.
-
The exposed records include Social Security Numbers, IBANs, disability status, salary data, as well as marriage details, etc.
-
Security experts warn that “kuna’s” bulk sales model hands the same stolen data to dozens of independent fraudsters at the same time, multiplying the scale of the threat across Belgium.
A threat actor operating under the alias “kuna” has placed a massive stolen database up for sale on dark web forums, putting approximately 300,000 Belgian citizens at immediate risk of identity theft, financial fraud, and targeted exploitation.
Cybersecurity researchers flagged the listing, calling it one of the most alarming breaches to hit Belgian residents in recent years.
The depth and specificity of the compromised records point to a breach inside either a major banking institution or a government-linked social security agency.
This database combines financial, demographic, and deeply personal family data, giving criminals everything they need to impersonate victims or drain their accounts.
‘Kuna’ Lists 300,000 Belgian Records Across Dark Web Forums
Researchers spotted “kuna” advertising the stolen records in batches of 1,000 lines per transaction. That model means dozens, or even hundreds, of criminal actors can independently run fraud operations using the same dataset, multiplying the damage exponentially across the country.
The listing covers full names, national Social Security Numbers, and complete home addresses. The database contains full banking details, including International Bank Account Numbers and Bank Identifier Codes, giving criminals direct access to the financial infrastructure tied to each victim’s account.
Payroll records and salary data sit inside the dataset as well, revealing exactly how much each victim earns and where they work.
Stolen Records Expose What Experts Call “Deep Personal Data”
Researchers are flagging a specific category within this breach that goes far beyond what financial attacks typically produce. They describe it as “deep personal data.”
Beyond the financial layer, the database holds marital and family status, partners’ full names and occupations, dates and places of birth, and disability status. It also stores marriage details (including ceremony dates and locations), the number of dependent children, their dependency status, care validation records, and even home-to-work distance metrics.
That last cluster (caregiving validation entries, benefit eligibility data, and commute records) strongly suggests “kuna” either exploited or obtained insider access to systems that Belgian government agencies use to administer welfare and employment benefits.
This is not a random data grab. Researchers describe the breach as a “calculated and targeted attack” on infrastructure that holds some of the most sensitive records about citizens’ everyday lives.
The dataset shows a notable demographic concentration. A significant portion of the exposed records belong to individuals aged 66 and above; a group that cybersecurity professionals consistently identify as the most vulnerable to financial scams and social engineering attacks.
Belgian Authorities Stay Silent as Experts Push Citizens to Act
Belgian authorities and national cybersecurity agencies have not yet released a formal public statement confirming the breach or identifying the breached organization. That silence widens the window of exposure for hundreds of thousands of citizens.
Cybersecurity experts urge Belgian citizens, especially adults and those receiving government benefits, to take protective action instead of waiting for official confirmation.
Experts recommend monitoring bank accounts for unusual activity, treating unsolicited calls or emails requesting personal details with suspicion, and placing fraud alerts on financial accounts as investigations move forward.
The urgency of these precautions is underscored by incidents like the fake government portal leak in Bangladesh, where over 1,100 citizens had their passports and personal documents exposed on the dark web, a stark reminder that once identity documents are stolen, victims can face years of fraud and impersonation.
The “kuna” operation reflects a deliberate specialization. The threat actor targets European payroll systems, social security platforms, and state benefit agencies.
The combination of income records, caregiving data, and benefit eligibility details inside this database is not accidental. For 300,000 Belgians, that specialization now has real and immediate consequences.
