1TB of Data Stolen from International Tech Firm
Hackers stole a terabyte of data from a Miami-based tech firm and leaked some of it on a Russian hacker forum, including full credit-card information, passports, bank statements and financial documents. The victim was Intcomex, a very large value-added reseller that provides technology products and services in Latin America and the Caribbean. The leaks occurred on Sept. 14 and Sept. 20, when hackers dumped the data in two parts on the forum. The data was stolen as the result of a ransomware attack. Hackers promised to leak sensitive data at a later time. A note with the leaked data threatens to release the rest of the data if the ransom isn't paid.
Intcomex took steps to address the situation and protect its systems after learning about the leak, and is working with cybersecurity experts to investigate what happened. The company also notified law enforcement and is in the process of letting affected clients know about the leak. The breach did not affect Intcomex services to its partners, but the size and sensitivity of the leak and the lack of breach detection by the company are extremely worrisome. The leak was significant not only in the volume of data but also in the sensitivity of its contents. Hackers were able to steal the data and dump it online before the company even noticed.
The leaked data is extensive and could be used by hackers to launch further, comprehensive attacks on the company's employees, customers and/or partners. The credit-card data includes the full number, expiration date, CVV2 and full name. Document scans include full passport info for both U.S. and Latin American passport holders, as well as Social Security numbers and full driver's-license info. Since the company operates across country borders, clean-up operations are very messy and expensive.
Avoid becoming a victim of ransomware, or limit the damage it can do, by following some cybersecurity hygiene basics. Apply security patches to protect against known vulnerabilities, and disable remote ports where they're not needed to stop ransomware from getting in. Segment your network to prevent ransomware from spreading quickly across it. Organizations should also use multi-factor authentication so that even if passwords are known, they can't be used to gain access to other areas of the network. Backups should be made regularly and stored offline.