Cyber Incident Victim: Empresa de Telecomunicaciones de Colombia

In August 2022, Colombian business process outsourcing firm Emtelco S.A. experienced a cyberattack claimed by the Qilin ransomware group. The attackers asserted they had exfiltrated hundreds of gigabytes of data from the company's systems during the intrusion. Qilin published a proof pack on their leak site to substantiate their claims, though the publicly visible materials did not contain identifiable personal information. The compromised data allegedly included customer and employee records, though the specific types of information and exact volume beyond "hundreds of gigabytes" remained unverified. Emtelco, which provides customer service and back-office operations for clients across multiple sectors, did not publicly acknowledge the breach or provide details about affected systems or operational disruptions.

The incident gained visibility when Qilin listed Emtelco on their data leak site alongside other victims like Brazilian retailer Lojas Torra. While the threat actors described possessing sensitive organizational and personal data, no substantive evidence of compromised user information appeared in their initial disclosures. Emtelco maintained no official communication regarding the alleged breach, leaving the scope of impacted stakeholders and operational consequences unconfirmed. The absence of visible personal data in the proof pack did not eliminate potential risks of downstream exploitation, but no further disclosures or ransom demands were documented in available sources. Third-party monitoring of Qilin's activities revealed the group's persistent targeting of Latin American organizations during this period, though Emtelco's incident resolution status remained undisclosed by the company.