Cybercriminals Steal Nearly 1TB of Data from Miami-Based International Tech Firm

  • Databases of sensitive, financial and personally identifiable information and documents from Intcomex were leaked on a Russian-language hacker forum after a ransomware attack.

    Hackers have stolen nearly a terabyte of data from a Miami-based tech company, leaking a selection of the pilfered files (including complete credit-card information, scans of sensitive documents such as passports, bank statements and financial documents, and even customer databases) on a Russian hacker forum.

    An investigation uncovered leaked data belonging to Intcomex, a large value-added reseller (VAR) that delivers technology products and services focused on Latin America and the Caribbean. The leaks happened on Sept. 14 and Sept. 20, when hackers dumped the data in two parts on the forum.

    “So far, the first release was a collection referred to as ‘Internal Audit’ with a size of 16.6GB, while the second release is titled ‘Finance_ER,’ totaling 18GB,” according to a report on the CyberNews website. “Based on folder names, the most recent data comes from July 2020.”

    The data appears to have been stolen as the result of a ransomware attack. Hackers promised to leak “the much more appealing data”— which — at a later time, according to the report. A Russian-language note left along with the leaked data alludes to the hackers waiting to see if the company will pay up before releasing the rest of the data, which likely will be more complete credit-card information, a treasure trove for hackers, according to the report.

    CyberNews said it contacted Intcomex on Sept. 21 about the leak, and the company confirmed that the databases researchers saw on the forum are in fact its own.

    Intcomex said it took “decisive steps to address the situation and protect our systems” upon learning about the leak and is working with third-party cybersecurity experts in the investigation of what happened, according to a media statement. The company also notified law enforcement and is in the process of letting “affected parties” know about the leak “as appropriate,” the company said.

    The breach did not affect the services Intcomex provides to its partners, the company said. However, its sheer size, the sensitivity of the data, and the lack of breach detection by the company are particularly worrisome from a cybersecurity standpoint, experts said.

    “Not only is this leak major in the amount of data that was leaked, but also the sensitive contents of the data as well,” observed Erich Kron, security awareness advocate for security firm KnowBe4, in an email to Threatpost. “This is not a simple matter of an email address and a name. When sensitive data such as passport numbers and license scans along with payroll information are lost, these can result in significant damage to the users of the service, up to and including true identity theft.”

    Threat actors also were able to steal the data and dump it online before the company even noticed, observed Chris Clements, vice president of solutions architecture for security company Cerberus Sentinel.

    “This highlights the ongoing shortcomings of companies in detecting that a breach has occurred before the attacker has been able to do substantial damage,” he said in an email to Threatpost. “In this case, attackers were evidently able to exfiltrate approximately a terabyte of sensitive data without detection.”

    Indeed, the data leaked by the group is extensive and could be used by cybercriminals to launch further in-depth attacks on the company’s employees, customers or partners. Credit-card records include the full number, expiration date, CVV2, and the holder’s full name, and document scans include full passport data for both U.S. and Latin American passport holders, as well as people’s Social Security numbers and full driver-license information.

    The fact that the company operates across country borders also could mean a very messy and expensive clean-up process on the back end of the leak, Kron noted.

    “Between legal fees, fines and identity-theft protection services being provided to the victims, these types of attacks can be quite expensive for businesses,” he said. “In addition, with this business serving 41 countries, they are going to have a mess of notification requirements and additional fines are probable from international entities.”
