Technology products supplier Intcomex Corp. has suffered a data breach and about a terabyte of its user data was released on a hacking forum.

First reported by Cybernews today, the leaked data included credit card details, passport numbers, license scans, personally identifiable information, payroll data, financial documents, customer details, employee information and more.

Parts of the data were first released for free on a Russian hacking forum Sept. 14, with more released Sept. 20. Those behind the hack are promising to release even more data in the future.

Intcomex hasn’t formally disclosed the data breach on its website, but the company did confirm the hack to Cybernews. In a tick box of standard responses, Intcomex said it had taken steps to address the situation, had “engaged third-party cybersecurity experts to assist us in the investigation and… implemented additional enhanced security measures. We also notified law enforcement. We are notifying affected parties as appropriate.”

The company is based in Miami, Florida, but offers services both in the U.S. and abroad. Although Florida doesn’t have any disclosure laws, California does. And though it’s not clear if it has clients in California, it’s arguably poor form not to disclose the details of a data breach publicly regardless of local legal requirements to do so.

“The bottom line is no company or industry is immune to cyberattack,” Adam Laub, general manager of data access governance firm Stealthbits Technologies Inc., told SiliconANGLE. “While it seems more of an inevitability than anything else at this point, the probability of successful breach and compromise at tremendous scale like this is really what organizations are somewhat in control of.”

Erich Kron, security awareness advocate at security awareness training firm KnowBe4 Inc., noted that not only is the volume of leaked data significant but the sensitivity of the contents was too.

“This is not a simple matter of an email address and a name; when sensitive information such as passport numbers and license scans along with payroll information are lost, these can cause significant damage to the users of the service, up to and including real identity theft,” he said. “Between legal fees, fines and identity theft protection services being provided to the victims, these types of attacks can be very costly for organizations. In addition, with this organization serving 41 countries, they are going to have a mess of notification requirements and additional fines are likely from foreign entities.”

Photo: Intcomex