DataBreaches.Net


Bits ‘n Pieces (Trozos y Piezas)

Posted on May 1, 2023 by chum1ng0

CL: Saville Row attacked by BlackCat

Saville Row, a Chilean clothing store, was added to BlackCat’s leak site on April 21. Sample files provided by the threat actors included internal Saville Row documents such as invoices and purchase orders.

DataBreaches found no notice of any incident on the store’s website or social networks. They did not respond to DataBreaches’ email on April 21 asking them to confirm or deny BlackCat’s claimed attack.

In its post, BlackCat threatened them:

In the very near future all personal data of SAVILLEROW customers will be exposed and very soon the sensitive and confidential data of customers will be sold on the black market for the purpose of money laundering and other criminal activities. SAVILLEROW has 72 hours to prevent the sale of its customers’ data.

The threat has become almost standard messaging for BlackCat recently. Despite their attempts to pressure their victim, their deadline for Saville Row came and went.

VE: Banco de Venezuela added by LockBit — DISPUTED

Banco de Venezuela was added to LockBit’s leak site on April 19 with some alleged proof of claims that included identity cards and documents.

No notice of any incident could be found on bancodevenezuela.com, but an announcement was posted on their Twitter account. In machine translation, it read:

Do not echo or fall victim to Internet pirates!

We inform you that our platform and electronic channels are completely normal and providing the usual service, with absolute integrity and security.

Do not pay attention to network pirates who are part of criminal organizations that are dedicated to reputationally attacking institutions and companies. Your safety is our priority and commitment.

Follow us on our official networks and stay duly informed.

The bank did not respond to email inquiries sent on April 19 and April 21, but their tweets forcefully denied any attack. We have found no update since those tweets.

Inspection of LockBit’s proof of claims did not support their claim that the bank’s system was compromised. DataBreaches is therefore treating this claim as disputed for now.

BR: Valid Certificadora Digital claimed by CrossLock group

Valid Certificadora is a Brazilian firm that issues digital certificates used by both businesses and public entities. CrossLock added the firm to its leak site on April 16.

DataBreaches found no notice of any incident on the validcertificadora.com.br website, but there was an announcement on their Facebook page:

“Ola! A Valid Certificadora informa que restabeleceu os serviços da unidade de Certificados Digitais. Pedimos desculpas pela instabilidade temporária dos nossos certificados digitais. Alguns serviços estão sendo recuperados gradativamente e estamos trabalhando para normalizar a situação o mais rápido possível. Agradecemos a sua compreensão.”

Machine translation:

“Hello, Valid Certificadora informs that it has restored the services of the Digital Certificates unit. We apologize for the temporary instability of our digital certificates. Some services are being recovered gradually and we are working to normalize the situation as soon as possible. We thank you for your understanding.”

The announcement makes no mention of ransomware or any ransom demands. CrossLock claims, “We encrypted the entire network including their VMs and downloaded all their sensitive data.” According to the spokesperson, their attack had focused on just some types of files: “SSL certificates, Servers DBs, and DOcs, Images.”

DataBreaches tried to contact Valid, but the emails bounced. The most recent email attempt of April 30 was returned with a 550 5.4.1 error: Recipient address rejected: Access denied.

DataBreaches was able to make contact with CrossLock, however. They told us they are not a new group and use chacha20 and ECC. When asked whether VALID had attempted to negotiate with them, CrossLock’s spokesperson replied that they had, but no agreement had been reached.

CrossLock subsequently leaked 1.5GB of files with a note:

“For those who are interested in buying legit valid certificates, we are selling valid certificates that can be used to sign your malwares or anything. contact us on tox”

CrossLock also told DataBreaches that they informed VALID of the potential sale of certificates in a message that said:

“I’d like to metion that we already have some offers for the certificates from some gangs that want to sign their malware tools with real and valid certificates, the offers are kinda nice. However, we will not sell the certificates unless Valid company didn’t pay.” (sic)

VE: Seguros la Occidental attack claimed by BlackCat

Seguros la Occidental is a Venezuelan insurer that offers general and life insurance products. The firm was added to BlackCat’s leak site on April 21 with samples containing 27 screenshots of images of various insurance company documents that included ID cards.

DataBreaches found no notice of any incident on the insurer’s website or their social networks. Nor did they respond to DataBreaches’ email inquiries of April 21 and April 25.

GT: Cementos Progreso attack claimed by BlackCat

Cementos Progreso listing on BlackCat describes the family-owned business as "one of the most dangerous and vulnerable companies in Guatemala."
Image: DataBreaches.net

On April 20, DataBreaches reported that BlackByte had claimed an attack on Cementos Bio-Bio S.A, a Chilean cement company. This week, we found that another cement company, Cementos Progreso, a Guatemalan firm with a presence in 7 Latin American countries, had been added to BlackCat’s leak site on April 21. As proof, they offered some samples with internal documents.

DataBreaches found no notice of any incident on Cementos Progreso’s website or social networks.

Cementos Progreso did not respond to emailed inquiries from DataBreaches on April 21 and April 24, but then, on April 27, the listing disappeared from BlackCat’s leak site.


Edited by Dissent

Category: Breach Incidents, Business Sector, Hack, Malware, Non-U.S.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.