Miami-based tech company Intcomex has suffered a major data breach, with nearly 1 TB of its users’ data leaked. Likely following a botched ransom negotiation, the first part was made available on September 14, 2020, and more on September 20. The leaker promised to release the rest of the stolen database over an undisclosed period of time.

Researchers from CyberNews.com discovered the leaked data on an open Russian forum. At present, files titled ‘Internal Audit’ and ‘Finance ER’ have been published. According to the leaker, the remaining data is the most sensitive and includes full credit card details, SSNs, passport and license scans, payroll information, bank documents, and more.

Intcomex serves more than 50,000 resellers in over 41 countries, predominantly in Latin America and the Caribbean. With such extensive information freely available, the database is a goldmine for cybercriminals. 

CyberNews.com informed Intcomex about the leak as soon as they discovered it on September 21, 2020. 

An Intcomex spokesperson told the research organization: "Intcomex internally detected and responded to a cyber attack involving some of our systems. Upon learning of the incident, we took decisive steps to address the situation and protect our systems. We immediately engaged third-party cybersecurity experts to assist us in the investigation and we have implemented additional enhanced security measures. We also notified law enforcement. We are notifying affected parties as appropriate. Services provided to our partners have not been impacted. The security of our systems and data remains a top priority."

“Organizations are under vast amounts of pressure to protect customers from increasingly sophisticated attacks by seasoned cyber criminals”, said the CyberNews.com Investigation team. “This leaker appears to have links to the LockBit Ransomware group, an entirely self-spreading ransomware which means hackers only need to be inside a network for a few hours for the damage to be done. Paying ransoms is a double-edged sword. Although it can be crippling to a company and it may keep customer data safe, it also allows the proceeds of criminal activity to be ploughed back into research and development for other malicious attack vectors, making it even more likely that other organizations will find themselves in a similar position."

According to CyberNews.com, since the data breach was reported to Intcomex, the thread has been deleted from the forum, suggesting that either the ransom has been paid, or the leaker had a change of heart.