Technology products supplier Intcomex Corp. has suffered a data breach and about a terabyte of its user data was released on a hacking forum.
First reported by Cybernews today, the leaked data included credit card details, passport numbers, license scans, personally identifiable information, payroll data, financial documents, customer details, employee information and more.
Parts of the data were first released for free on a Russian hacking forum Sept. 14, with more released Sept. 20. Those behind the hack are promising to release even more data in the future.
Intcomex hasn’t formally disclosed the data breach on its website, but the company did confirm the hack to Cybernews. In a tick box of standard responses, Intcomex said it had taken steps to address the situation, had “engaged third-party cybersecurity experts to assist us in the investigation and… implemented additional enhanced security measures. We also notified law enforcement. We are notifying affected parties as appropriate.”
The company is based in Miami, Florida, but offers services both in the U.S. and abroad. Although Florida doesn’t have any disclosure laws, California does. And though it’s not clear if it has clients in California, it’s arguably poor form not to disclose the details of a data breach publicly regardless of local legal requirements to do so.
“The bottom line is no company or industry is immune to cyberattack,” Adam Laub, general manager of data access governance firm Stealthbits Technologies Inc., told SiliconANGLE. “While it seems more of an inevitability than anything else at this point, the probability of successful breach and compromise at tremendous scale like this is really what organizations are somewhat in control of.”
Erich Kron, security awareness advocate at security awareness training firm KnowBe4 Inc., noted that not only is the volume of leaked data significant but the sensitivity of the contents was too.
“This is not a simple matter of an email address and a name; when sensitive information such as passport numbers and license scans along with payroll information are lost, these can cause significant damage to the users of the service, up to and including real identity theft,” he said. “Between legal fees, fines and identity theft protection services being provided to the victims, these types of attacks can be very costly for organizations. In addition, with this organization serving 41 countries, they are going to have a mess of notification requirements and additional fines are likely from foreign entities.”
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.