Belgium payroll breach exposes 300K

A dataset advertised by the actor “kuna” appears to expose payroll and identity records for about 300,000 people in Belgium. The records described in the sale listing include bank account numbers, national social-security identifiers, salary data and family details. (tornews.com) The public reporting on April 12, 2026 said the data was being offered on underground forums rather than disclosed by a Belgian company or agency. The reports did not identify the breached employer, payroll processor or government system behind the records. (tornews.com) What makes payroll records different from an ordinary contact-list leak is the mix of financial and identity data in one file. The exposed fields reportedly include International Bank Account Numbers, salary information, disability status, marital details and dependent information alongside social-security numbers. (tornews.com) That combination gives criminals several ways to use the data. European Union breach guidance says leaks that create a high risk of identity theft, fraud or financial loss can require direct notice to affected people without undue delay. (edpb.europa.eu, gdpr-info.eu) Belgium’s data-protection rules sit inside the General Data Protection Regulation, which generally requires controllers to notify the supervisory authority within 72 hours after becoming aware of a risky breach. Belgium’s Data Protection Authority says breach notifications must be filed through its portal, not by email. (gdpr-info.eu, autoriteprotectiondonnees.be) Belgium is also dealing with a broader rise in cyber incident reporting. The Centre for Cybersecurity Belgium said in a March 2026 threat report that it recorded 635 incident notifications in 2025, including 556 cyber-related cases, a year-over-year increase of 58 percent for cyber notifications. (ccb.belgium.be) That backdrop matters because payroll databases are concentrated targets. One compromise can expose current and former workers, spouses, children and bank details in the same breach, turning a single intrusion into a fraud problem that can spread across employers and public systems. (edpb.europa.eu, tornews.com) As of April 13, 2026, the public reporting still leaves basic questions unanswered: who was breached, when the intrusion happened, whether the files are authentic and whether Belgian authorities have opened a formal case. Until those facts are confirmed, the clearest verified point is the one from the opening post: a large Belgian payroll-linked dataset is being marketed for sale, and the people inside it face immediate fraud and impersonation risk. (tornews.com, ccb.belgium.be)