Cyber Incident Victim: Unidas

Unidas (LCAM3), a car rental company, publicly disclosed a security incident on November 23, 2020. The company provided an updated statement two days later on November 25 regarding unauthorized access to its systems. According to their announcements, attackers potentially copied an undetermined portion of the company's data during the breach. The organization confirmed the incident involved both unauthorized system access and possible data exfiltration but did not specify the intrusion method or initial attack vector. At the time of their November 25 update, Unidas was still actively working to identify which specific datasets had been compromised in the breach. The company did not disclose whether customer information, financial records, or operational data were among the affected assets. No details were provided regarding the duration of unauthorized access prior to detection or whether the breach impacted specific business units or technological infrastructure.

In its communications, Unidas did not reveal any containment measures implemented following the breach discovery or whether external cybersecurity experts were engaged for incident response. The company's statements lacked technical specifics about forensic investigations, system restoration processes, or vulnerability remediation efforts. No information was released regarding potential operational disruptions, financial impacts, or regulatory notifications stemming from the incident. The organization's updates referenced ongoing identification processes for the compromised data but did not establish timelines for completion of this analysis or subsequent notifications to affected parties. Third-party reports referenced in initial coverage did not provide additional verified details about the breach's scope or consequences beyond the company's official statements.