DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Bits ‘n Pieces (Trozos y Piezas)

Posted on February 17, 2023 by chum1ng0

ES: Cosmetics firm added by LockBit

Skin and hair products firm Montibello has been added by  LockBit3.0  to their leaks page. The listing was added on February 14th but without any filetree or proof. DataBreaches emailed  Montibello to see if they would confirm or deny an attack but received no reply.  There is nothing on their website or social media accounts about any attack. DataBreaches considers this an unconfirmed claim at this time.

AR: Energy company attacked by LockBit3.0

Grupo Albanesi is a private company dedicated to the distribution of energy in Argentina. As with Montibello, it was added to LockBit3.0’s leak site on February without any proof. And like Montibello, there is no mention on their website or social media accounts of any incident.

An inquiry submitted to them on their site did not receive a reply.

MX: Personal and sensitive information on Financiera Reyes customers leaked (Update)

DataBreaches previously reported that LockBit3.0 had claimed Financiera Reyes as a victim but had provided no proof and Financiera Reyes had not responded to inquiries from DataBreaches.

Financiera Reyes describes itself as a multiple purpose financial company, “non-regulated entity, which does not require authorization from the Ministry of Finance and Public Credit for its constitution and operation, however, it is subject to the supervision of the National Banking and Securities Commission, solely for the purposes of the provisions of article 56 of the General Law of Auxiliary Credit Organizations and Activities.”

Data leaked by LockBit confirm LockBit’s claimed attack. The files include documents related to future credit or customers and other files with personal information such as an INE (National Electoral Institute) record, a service ticket, and  a document called “Direccion General Del Registro Civil” Nacimiento. An .xlsx file called “Circulocredfinanciera”  also included personal data of people who have requested credit. Files in one folder contained files from 2020 to early 2022 with detailed information on people.

First part of spreadsheet with personal information redacted.
Fields in the first part of the spreadsheet include paternal surname, maternal surname, names, date of birth, RFC, CURP, social security number, IFE voter code, address, population, and neighborhood. Image and redaction: DataBreaches.net.

 

Second part of spreadsheet with personal information redacted.
Fields in the second part of the spreadsheet include delegation municipality, city, state, postal code, telephone number, company name, address, population neighborhood, telephone number, position, and salary. Image and redaction: DataBreaches.net.

 

Part 3 of spreadsheet with personal information redacted.
Fields in the third part of the spreadsheet include current account, payment numbers, amount to pay, last payment date, last purchase date, account closing date, cut-off date, maximum credit, current balance, credit limit, and overdue balance. Image and redaction: DataBreaches.net.

 

Part 4 of spreadsheet with personal information redacted.
The fourth part of the spread sheet includes fields for first default date, unpaid balance, last payment amount, monthly terms, origination credit amount, and consumer email address. Image and redaction: DataBreaches.net.

The file illustrated above is just one of a number of such files that have been leaked.

More than two months after the attack was first disclosed by LockBit, there is still no notice of any kind on Financiera Reye’s website, and again they have not responded to inquiries. DataBreaches does not know if they have notified any regulators or consumers.


Edited by Dissent.

Category: Breach IncidentsFinancial SectorMalwareNon-U.S.

Post navigation

← Norway finds a way to recover crypto North Korea pinched in Axie heist
$150 million: the cost of a cyberattack? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.