Andrade Gutierrez, a large engineering firm in Latin America, has reportedly been hacked by a group called “Dark Angels,” who claim to have stolen 3TB of emails and corporate information, including passport details, payment info, tax ID numbers, and health insurance information on over 10,000 employees.
The hackers also allegedly obtained passwords that could be used to log in to municipal and state tax authority accounts, as well as blueprints to several construction projects. The breach is said to have occurred between September and October of last year, and the firm has not acknowledged the attack.
Andrade Gutierrez is responsible for major infrastructure, energy, oil and gas, and transport projects across Latin America. The breach was achieved through exploitation of a server vulnerability that reportedly remains unpatched.
While the validity of the data shared by the hackers has not been confirmed, the stolen information could potentially be used for identity theft and fraud.
This is not the first time Andrade Gutierrez has faced controversy. In 2018, the firm agreed to pay $381m to settle graft charges associated with the “Lava Jato” scandal. The breach highlights the importance of implementing strong cybersecurity measures to prevent attacks and protect sensitive data.
