The Miami-based “value-added solutions and technology products” company Intcomex has suffered a major data breach, with nearly 1 TB of its users’ data leaked. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information and more.
Parts of the data were leaked on a popular Russian hacker forum for free, with the first part made available on September 14, 2020, and the second part on September 20. The leaker originally promised to release the entire stolen database over an undisclosed period of time.
We informed Intcomex about the leak on September 21, 2020. An Intcomex spokesperson confirmed that this database belongs to them and told CyberNews:
“Intcomex internally detected and responded to a cyber attack involving some of our systems. Upon learning of the incident, we took decisive steps to address the situation and protect our systems. We immediately engaged third-party cybersecurity experts to assist us in the investigation and we have implemented additional enhanced security measures. We also notified law enforcement. We are notifying affected parties as appropriate. Services provided to our partners have not been impacted. The security of our systems and data remains a top priority.”
It appears that the leak was made available due to a failed ransom negotiation (translated from Russian):
After we contacted Intcomex about their data being leaked online, the leaker deleted the thread. We asked Intcomex whether there was indeed a ransom demanded, and if they paid that ransom or negotiated with the leaker in any way, but have not received any responses from them.
To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.
What data is included?
According to the leaker, the full database of the Intcomex leak included the following data:
- Credit cards, including the full number, expiration date, CVV2, and the holder’s full name
- Document scans, including US and Latin American passports, social security scans, driver license scans, and more
- Personal data, such as social security numbers, dates of birth, zip codes, addresses, and more
- Payroll information
- Bank documents
- Accounting and finance documents
- Customers’ databases
- Employee information
- Contragents databases (although we are unsure what this means at the moment)
So far, the first release was a collection called “Internal Audit” with a size of 16.6GB, while the second release is titled “Finance_ER” totalling 18GB. Based on folder names, the most recent data comes from July 2020.
The leaker promised to leak the more interesting data (credit card data, etcc) later, indicating that the finance data and internal audit collections were least interesting for cybercriminals:
However, he included scans of more sensitive data, perhaps as proof:
Who is the company behind the leak?
Intcomex is a Miami-based company that claims to be the “leading platform of value-added solutions and technology products in Latin America and the Caribbean” according to its website. It distributes computer systems and components, Point of Sale, networking products, mobile devices, software, accessories, cloud technology solutions and more.
According to its Coverage page, the company has “14 subsidiaries and 31 distribution facilities, serving more than 50,000 resellers spanning over 41 countries” in the Latin American and Caribbean regions.
While the company is based in South Florida, it is most likely that a majority of its customers – and therefore the information contained within the leaked database – comes from Latin America and the Caribbean.
Who had access to the data?
The data was freely available on a popular Russian hacking forum. Therefore, it’s reasonable to assume that a sizable portion of the forum had access to the data.
Interestingly enough, the leaker requests that the blackhat community not use the data to attack hospitals:
What’s the impact?
If the leaker still plans on delivering all the promised data, then the full database can be a huge goldmine for cybercriminals. With sensitive data like passports, social security numbers, addresses and even emails, criminals can perform successful identity theft attacks, including taking out loans in victims’ names, applying for credit cards, and much more.
The current released collections include sensitive business data as well, and cybercriminals can perform phishing, social engineering, and spear phishing attacks.
If you’re a customer of Intcomex, there’s a high probability that your data has been leaked. If you’ve been affected by this breach, you should:
- Set up identity theft monitoring and watch for unusual activity on your financial accounts
- Change your password immediately if your email address was leaked. We recommend using a password manager to store your passwords.
- Watch out for suspicious emails, as they may be phishing attempts. Avoid clicking on links from suspicious emails
Companies affected by the Intcomex breach should already have identification and verification in place, and should strictly follow these guidelines so as to not give access to information or accounts to the wrong persons.
CyberNews will continue to monitor the situation and update on any further collection releases.