Cyber Incident Victim: Plascar Participações Industriais S.A.

On November 30, 2022, the Vice Society ransomware group publicly listed Plascar Participações Industriais S.A. (Plascar) on their dedicated leak site, claiming responsibility for a cyberattack against the company. The threat actors asserted they had exfiltrated and subsequently leaked 650 GB of data belonging to the automotive parts manufacturer. This announcement marked the first public disclosure of the incident, as Plascar had not issued any prior notifications about a breach through its official website or social media channels. The compromised data volume represented a significant quantity of corporate information, though the specific content or sensitivity of the leaked files was not detailed in Vice Society's claim. No additional technical specifics regarding the attack vector, intrusion timeline, or encryption of systems were disclosed by the threat group.

Plascar did not acknowledge the incident or respond to media inquiries following Vice Society's disclosure. Cybersecurity analysts attempting to verify the breach sent emails to both Plascar and Vice Society on November 30, but neither party provided confirmation or additional details by the time of initial reporting. The absence of public statements from Plascar left the full operational and financial impacts of the incident unverified, including potential disruptions to manufacturing operations, supply chain partnerships, or data protection obligations. Vice Society's leak site entry remained the sole source of information about the compromise at the time of initial reporting, with no subsequent updates from either entity regarding negotiations, data recovery efforts, or forensic investigations. The incident occurred amidst a series of regional cyberattacks in late November 2022, though Plascar's breach appeared unrelated to contemporaneous incidents affecting organizations in Uruguay, Colombia, and Argentina.