What Happened
In July 2024, Romanian online invoicing service 2invoice.ro suffered a data breach discovered on July 17, when hackers posted screenshots proving access to its database and offered the full dataset for sale on Telegram for €4,000. The incident exposed over 1.8 million customer records, including approximately four million online invoices with personal and fiscal data—such as names and tax details—but no banking information; among the affected were over 600,000 customers of e-commerce giant Emag via its partners. Cybersecurity expert Bogdan Albei disclosed the breach, suggesting possible causes like software vulnerabilities or phishing, while 2invoice.ro confirmed the validity of the compromised client data, launched an investigation, and pledged regulatory reporting; Emag stated its customers’ data was indirectly impacted through partners but not directly via the platform.
