Experts On News That Intcomex Suffers Breach

By ISBuzz Team, Writer, Information Security Buzz | Oct 14, 2020 01:35 am PST

Miami-based technology company Intcomex, a provider of “value-added solutions and technology products”, has reportedly suffered a major data breach, with nearly 1 TB of its users’ data leaked. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information and more. Parts of the data were leaked for free on a popular Russian hacker forum, with the first part made available on September 14, 2020, and the second part on September 20. The leaker originally promised to release the entire stolen database over an undisclosed period of time.

5 Expert Comments
Saryu Nayyar, CEO
October 14, 2020 9:39 am

It is no secret that cybercriminals are becoming more sophisticated and more aggressive, leading to more high-profile, expensive cyberattacks. While the cybersecurity industry is constantly evolving our tools to prevent the initial breach, or quickly identify and contain a minor intrusion before it becomes a major incident, we are dealing with a complex opponent who is also evolving their tools and techniques. A major challenge is these cybercrime operations are international in scope and may operate with little interference by their home governments, even when they are not actively state sponsored.

The industry will continue improving our defenses, but it will take cooperation between government and industry on a large scale to put a dent in these criminal activities in the long term.

Adam Laub, CMO
October 14, 2020 9:37 am

Today it’s Intcomex. Tomorrow it’s anyone’s guess. The bottom line is no company or industry is immune to cyberattack. While it seems more of an inevitability than anything else at this point, the probability of successful breach and compromise at tremendous scale like this is really what organizations are somewhat in control of. Focus on the basics and the common denominators in all these breach scenarios is where organizations need to hone their efforts. An overabundance of accounts with persistent and privileged access rights to critical infrastructure, user accounts leveraging weak, well-known, and easily guessed passwords, over-provisioned and over-permissive access rights to sensitive information organizations don’t even know exists, misconfigurations, and unpatched vulnerabilities are to blame for the ease with which threat actors can infiltrate an organization and exfiltrate the data they seek. Without a solid foundation and a layered approach to security that forces threat actors to really want it or find easier prey, organizations will continue to find themselves in the headlines rather than the driver’s seat.

Erich Kron, Security Awareness Advocate
October 14, 2020 9:35 am

Not only is this leak significant in the volume of data that was leaked, but also the sensitive contents of the data as well. This is not a simple matter of an email address and a name; when sensitive information such as passport numbers and license scans along with payroll information are lost, these can cause significant damage to the users of the service, up to and including real identity theft.

Between legal fees, fines and identity theft protection services being provided to the victims, these types of attacks can be very costly for organisations. In addition, with this organisation serving 41 countries, they are going to have a mess of notification requirements, and additional fines are likely from foreign entities.

It is unfortunate to see that so much of the data was removed without being noticed by the organisation. This is a lesson that Data Loss Prevention (DLP) controls are simply not optional for organisations in the modern-day. Between straightforward breaches such as this and the newer ransomware strains that also exfiltrate data, this really needs to be high on the list for those that do not currently have it deployed. DLP also needs to be routinely tested and configured to ensure it is offering protection.

David Pickett, Senior Cybersecurity Analyst
October 14, 2020 9:33 am

The severity of the data breached in this attack brings back bad memories of the 2017 Equifax breach, although the data in that breach was never found to be leaked online. It is extremely easy for attackers to monetise credit cards alone. However, when a full repertoire of personal information is also associated with victims – such as date of birth, passport and license data, payroll details, and additional financial documents – then the stakes are dire. These details open up additional attack vectors such as identity theft and personal account takeovers, as an enormous risk the victims now face.

Anyone that may be impacted in this breach should immediately take steps to protect themselves. They should be on high alert for fraud and identity theft by monitoring all of their accounts daily for any potential warning signs. Identity theft monitoring, changing credit card numbers, credit locks with the credit bureaus, using multi-factor authentication whenever possible, and changing any security questions potentially related to any identifiable information found within this data would be steps that the victims could undertake immediately to help reduce their risk.

Chris Hauk, Consumer Privacy Champion
October 14, 2020 9:30 am

At this point, we’re not sure exactly how this data breach happened, but 1TB of data about Intcomex’s customers and their clients is certainly a mother lode of data for the bad actors of the world.

I strongly urge Intcomex customers to immediately change passwords on all of their accounts, making sure to not repeat passwords on any login. I also urge them to keep a close watch on their financial accounts for any unusual activity, ideally setting up identity theft monitoring, which can catch activity that customers may miss on their own. Also, customers should be aware of suspicious emails, as the bad guys may try to gain even more personal information by sending phishing emails that contain malicious web links or attachments. Never click links or open attachments in emails or text messages.
