Cyber Incident Victim: Intcomex
Date: Sep 2020
Location: United States of America
Summary
A ransomware attack compromised nearly one terabyte of sensitive data from a Miami-based international technology firm specializing in Latin American and Caribbean markets. Cybercriminals exfiltrated financial records, customer databases, personally identifiable information including passport and Social Security numbers, credit card details, and payroll documents, subsequently leaking portions on a Russian-language hacking forum. The breach, undetected until the data appeared online, exposed significant volumes of high-risk information capable of facilitating identity theft. The victim organization confirmed the incident, engaged cybersecurity experts and law enforcement, and initiated notifications to impacted parties. Security analysts emphasized the severity of both the data volume and its sensitive nature, underscoring systemic vulnerabilities in enterprise-level defenses against unauthorized data exfiltration.
Description
On September 14 and September 20, 2020, cybercriminals leaked nearly one terabyte of stolen data from Intcomex, a Miami-based technology value-added reseller operating across Latin America and the Caribbean, on a Russian-language hacker forum. The breach involved the exfiltration of highly sensitive information, including full credit card details, scans of passports, bank statements, financial documents, customer databases, Social Security numbers, and payroll records. Attackers executed the data dump in two separate forum postings, exposing extensive personally identifiable and financial data that posed significant risks of identity theft and financial fraud. Security experts emphasized the severity of both the volume of stolen data and the sensitivity of its contents, noting the inclusion of documents rarely aggregated in such large-scale breaches. Intcomex confirmed the incident occurred without prior detection, indicating the attackers successfully bypassed security measures before exfiltrating the data. The company’s failure to identify the breach before the public leak underscored systemic vulnerabilities in its cybersecurity defenses.

Intcomex initiated a response by engaging third-party cybersecurity experts to investigate the breach’s scope and origin, while simultaneously notifying law enforcement agencies. The company began notifying affected individuals and entities about the exposure of their sensitive data, though the full scale of impacted parties remained undisclosed. The leaked data’s composition—particularly passport scans, financial records, and national identification numbers—created immediate risks for identity theft and targeted phishing campaigns against Intcomex’s customers and employees. The incident highlighted operational security deficiencies, as the attackers extracted and published vast quantities of data without triggering defensive mechanisms. Intcomex’s public acknowledgment framed the breach as contained post-discovery, with remediation efforts focused on forensic analysis and regulatory compliance. The exposure of customer databases and internal financial documents also raised concerns about downstream impacts on Intcomex’s business partners across its Latin American and Caribbean markets.
