UY: Thomas J. Shandy Attack Claimed by AvosLocker
The firm of Thomas J. Schandy has been listed on the leak site for AvosLocker. The February 5 listing claims that the threat actors have about 100 GB of information from the firm which states that their “jurisdiction has particular emphasis on all the national ports of Uruguay.” AvosLocker provided a few files such as curriculum vitae and work agreements as a proofpack.
Shandy describes itself as “Comisarios de Avería y Liquidadores de Siniestros” in Uruguay. They act as Lloyd’s agents and P&I correspondents.
The firm has no mention on their website about any incident and they have not responded to two email inquiries from DataBreaches asking if they would confirm or deny any attack.
CO: Medellin.gov.co attack claimed by LockBit3.0
Here’s a case where a municipality proactively posted notice of a problem. In a tweet on February 2, the Secretaría de Seguridad y Convivencia wrote (machine translation:)
We are facing a cyberattack of unknown origin against the dispatch servers of the Integrated Emergency and Security System- SIES-M, which was overcome and repelled on February 1 without ever affecting the operation of the city’s security and emergency agencies.
An image of their website notice was embedded in the tweet.
On February 6, LockBit3.0 added Medellin.gov.co to its leaks page with five files uploaded as proof. Muchohacker.lol verified the files and described the contents of four of them. One of the screenshots showed a directory of folders and files concerned with homicides. The most sensitive file in the sample was reported to be a document called a “Suicide Attempt Attention Record,” which @hyperconectado wrote revealed the details and personal data of a woman who allegedly attempted to end her life. A fifth file appeared to contain names, cellphone numbers, and email addresses.
Neither the mayor’s office nor the Secretary of Security and Coexistence has provided more details or any updates. The mayor’s office has not responded to two emails sent by DataBreaches, and LockBitSupport did not respond on Tox. Muchohacker.lol also reports that the mayor did not respond to them.
MX: Avante Textil distributor hit by LockBit3.0
The textile distributor “Avante Textil” was added to the LockBit3.0 leak page on February 2 with some samples as proof such as electronic payment receipts.
Avante’s website and social networks do not mention any security incident, so DataBbreaches submitted a web form inquiring about LockBit’s claims. No reply has been received by publication.
BR: Politriz data leaked by LockBit3.0
In a previous Trozos y Piezas, DataBreaches reported that an attack on Politriz had been claimed by LockBit3.0 but LockBit had not posted any proof. We can now update that entry and note that Politriz data was dumped on LockBit3.0 on January 27. The 693 folders contain information about the company such as sales balances, some contracts for the provision of services, and accounting. But DataBreaches also noted some personnel-related files like payment records to named employees, some medically-related information like a medical transportation voucher, a doctor’s note that someone needed time off from work, and a military draft file.
There is no notice on Politriz’s site about any breach and DataBreaches does not know whether they have notified any employees, regulators, or anyone else.