Miami-based Tech Company, Intcomex, Suffers Massive, 1TB Data Breach
Miami-based tech company Intcomex has suffered a massive leak of 1 terabyte of its users’ data. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information and more. Parts of the data were first leaked for free on a popular Russian hacker forum on September 14th of this year, with a second part released on September 20th.
According to posts made by the actors behind the leak, the information was made available due to a failed ransom negotiation. While Intcomex has released a statement (see below), it has not acknowledged whether a ransom was demanded, and it has yet to publicly disclose the breach on its website.
“Intcomex internally detected and responded to a cyber-attack involving some of our systems. Upon learning of the incident, we took decisive steps to address the situation and protect our systems. We immediately engaged third-party cybersecurity experts to assist us in the investigation and we have implemented additional enhanced security measures. We also notified law enforcement. We are notifying affected parties as appropriate. Services provided to our partners have not been impacted. The security of our systems and data remains a top priority.”
According to the leaker, the full database of the Intcomex leak included the following data:
- Credit cards, including the full number, expiration date, CVV2, and the holder’s full name
- Document scans, including US and Latin American passports, social security scans, driver license scans, and more
- Personal data, such as social security numbers, dates of birth, zip codes, addresses, and more
- Payroll information
- Bank documents
- Accounting and finance documents
- Customers’ databases
- Employee information
The company targeted by the attack, Intcomex, is a Miami-based company that claims to be the “leading platform of value-added solutions and technology products in Latin America and the Caribbean.” It distributes computer systems and components, Point of Sales systems, networking products, mobile devices, software, accessories, cloud technology solutions and more. According to their ‘Coverage’ page, the company has “14 subsidiaries and 31 distribution facilities, serving more than 50,000 resellers spanning over 41 countries” in the Latin American and Caribbean regions.
While the company is based in South Florida, it is likely that most of its customers, and therefore most of the information contained within the leaked database, come from Latin America and the Caribbean.
Considering that the data was freely available on a popular Russian hacking forum, it’s reasonable to assume that a sizable portion of the forum had access to the data. It’s interesting to note that the leaker has requested that the blackhat community not use the data to attack hospitals.
If the leaker still plans on delivering all the promised data, then the full database can be a huge goldmine for cybercriminals. With sensitive data like passports, social security numbers, addresses and even emails, criminals can perform successful identity theft attacks, including taking out loans in victims’ names, applying for credit cards, etc. The currently released collections include sensitive business data as well, and cybercriminals can perform phishing, social engineering, and spear phishing attacks.
If you’re a customer of Intcomex, there’s a high probability that your data has been leaked. If you’ve been affected by this breach, you should:
- Set up identity theft monitoring and watch for unusual activity on your financial accounts
- Change your password immediately if your email address was leaked. We recommend using a password manager to store your passwords.
- Watch out for suspicious emails, as they may be phishing attempts. Avoid clicking on links in suspicious emails.
Companies affected by the Intcomex breach should already have identification and verification procedures in place, and should follow them strictly so that access to information or accounts is not given to the wrong persons.