Egypt – 17 May 2026 – Cyber threat forums reported claims that a large dataset allegedly associated with Egypt’s tourism sector, including references to the Ministry of Tourism and hospitality-related entities, is being offered for sale online.
According to the claims, a threat actor identified as “Revesky” is offering an alleged dataset estimated at approximately 547GB in size. The data is said to contain employee records, job-related information, national identification numbers, telephone numbers, addresses, hotel-related data, regional information, official documents, and employment contracts.
At the time of publication, these claims remain unverified, and there has been no independent confirmation regarding the authenticity, source, scope, or accuracy of the alleged data. No official statement has confirmed the existence of the reported breach.
Observers have also noted that the threat actor’s description reportedly characterizes the Ministry of Tourism as being affiliated with the Ministry of Interior. As these are separate governmental entities, such references may indicate inaccuracies, misunderstandings, or attempts to increase the perceived value and significance of the alleged dataset.
Regardless of whether the claims are ultimately substantiated, cybersecurity experts emphasize that the circulation and attempted sale of allegedly sensitive information can create significant risks for organizations and individuals. Threat actors frequently leverage personal and professional information to conduct highly targeted phishing campaigns, social engineering attacks, identity fraud, and other forms of cyber-enabled crime.
The increasing use of artificial intelligence to generate convincing messages, emails, voice calls, and impersonation attempts further amplifies the potential impact of exposed personal information.
As a precautionary measure, security teams are encouraged to review authentication logs, monitor for unusual account activity, investigate unauthorized access attempts, and remain vigilant for indicators of credential stuffing and account takeover attacks.
Individuals and organizations are advised to exercise caution when responding to requests for sensitive information, avoid opening suspicious links or attachments, enable multi-factor authentication (MFA), regularly update passwords, and monitor account activity for signs of unauthorized access.
Disclaimer: This statement is based solely on claims circulating within cyber threat forums. The alleged breach and associated dataset have not been independently verified, and no official confirmation has been issued regarding the authenticity, scope, or impact of the reported information.