Cyber Incident Victim: Fabrega Molino Abogados

The Fabrega Molino incident involved a cyberattack on the Panamanian law firm culminating in the public leak of its data by the BlackCat ransomware group on or around March 18, 2023. BlackCat claimed to have exfiltrated 113 gigabytes of the firm’s data and published it on their leak site. While the group did not specify whether they deployed ransomware to encrypt systems or solely extracted data, the leak included sensitive personal documents such as passports and a will, indicating potential privacy impacts for affected individuals. Fabrega Molino acknowledged a security incident in a website statement but provided limited technical or operational details, characterizing it as an "isolated" event detected on an unspecified network segment. The firm asserted their cybersecurity experts "contained and resolved" the incident immediately but did not disclose the initial attack vector, duration of unauthorized access, or specific data types compromised beyond general references to computer equipment security enhancements.

Fabrega Molino’s public response lacked confirmation of data theft or acknowledgment of BlackCat’s claims, despite the threat actor publishing identifiable personal documents as proof of compromise. The firm did not address whether it notified individuals whose personal information appeared in the leak, nor did it reference plans to offer identity monitoring or other mitigation services to impacted parties. Independent verification attempts by DataBreaches.net yielded no additional information from either Fabrega Molino or BlackCat regarding the scope of exfiltrated client data. The confirmed presence of passports and a will within the leaked data introduced risks of identity theft, fraud, and exposure of confidential client legal matters. Limited transparency from the firm left critical questions about attack chronology, data integrity, and remediation effectiveness unresolved as of the last reported outreach on March 24, 2023.