[BreachExchange] Technology products supplier Intcomex hacked, 1TB of data stolen

[Destry Winant]

https://siliconangle.com/2020/10/13/technology-products-supplier-intcomex-hacked-1tb-data-stolen/

Technology products supplier Intcomex Corp. has suffered a data breach
and about a terabyte of its user data was released on a hacking forum.

First reported by Cybernews today, the leaked data included credit
card details, passport numbers, license scans, personally identifiable
information, payroll data, financial documents, customer details,
employee information and more.

Parts of the data were first released for free on a Russian hacking
forum Sept. 14, with more released Sept. 20. Those behind the hack are
promising to release even more data in the future.

Intcomex hasn’t formally disclosed the data breach on its website, but
the company did confirm the hack to Cybernews. In a tick box of
standard responses, Intcomex said it had taken steps to address the
situation, had “engaged third-party cybersecurity experts to assist us
in the investigation and… implemented additional enhanced security
measures. We also notified law enforcement. We are notifying affected
parties as appropriate.”

The company is based in Miami, Florida, but offers services both in
the U.S. and abroad. Although Florida doesn’t have any disclosure
laws, California does. And though it’s not clear if it has clients in
California, it’s arguably poor form not to disclose the details of a
data breach publicly regardless of local legal requirements to do so.

“The bottom line is no company or industry is immune to cyberattack,”
Adam Laub, general manager of data access governance firm Stealthbits
Technologies Inc., told SiliconANGLE. “While it seems more of an
inevitability than anything else at this point, the probability of
successful breach and compromise at tremendous scale like this is
really what organizations are somewhat in control of.”

Erich Kron, security awareness advocate at security awareness training
firm KnowBe4 Inc., noted that not only is the volume of leaked data
significant but the sensitivity of the contents was too.

“This is not a simple matter of an email address and a name; when
sensitive information such as passport numbers and license scans along
with payroll information are lost, these can cause significant damage
to the users of the service, up to and including real identity theft,”
he said. “Between legal fees, fines and identity theft protection
services being provided to the victims, these types of attacks can be
very costly for organizations. In addition, with this organization
serving 41 countries, they are going to have a mess of notification
requirements and additional fines are likely from foreign entities.”