Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the sale of an 18.3 GB database allegedly belonging to Burris & MacOmber, a US-based law firm.
Brinztech Analysis:
- The Target: Burris & MacOmber is a verified legal firm (with offices in Arizona and associated with McOmber McOmber & Luber in NJ) that has historically provided legal representation for Mercedes-Benz USA. Law firms are increasingly targeted as “force multipliers” because they hold the most sensitive secrets of multiple high-value clients while often lacking the enterprise-grade security of those clients.
- The Data: This is a “Crown Jewels” leak for corporate espionage and fraud. The dataset reportedly includes:
  - Customer PII: Full names, addresses, phone numbers, VINs (Vehicle Identification Numbers), and license plates of Mercedes owners involved in legal cases (e.g., Lemon Law suits, warranty disputes).
  - Financial Data: Routing and Account Numbers for US vendors. This is the “smoking gun” for financial fraud.
  - Confidential Intelligence: Internal policy manuals, warranty policies, and legal defense strategies.
- The Threat: The sale of “vendor banking details” combined with “internal financial authorization forms” creates a near-perfect setup for Business Email Compromise (BEC). Attackers can impersonate vendors to divert payments using the actual account numbers found in the leak.
Key Cybersecurity Insights
This alleged data breach presents a critical supply chain threat to Mercedes-Benz and its partners:
- High Risk of Targeted Financial Fraud (BEC): The combination of vendor banking details and internal financial authorization forms allows attackers to craft highly convincing invoice fraud campaigns. They can email Mercedes-Benz AP (Accounts Payable) posing as a legitimate vendor, citing real contract numbers and requesting a “change of bank account” to a mule account.
- Critical Operational Intelligence Leak: The exposure of internal warranty policies and legal defense strategies provides a tactical advantage to opposing counsel in current litigation and to competitors looking to understand Mercedes-Benz’s internal cost structures and liability thresholds.
- Physical & Identity Security for Owners: The leak of VINs and License Plates linked to names and addresses creates a physical security risk for vehicle owners. This data can be used for vehicle cloning, title fraud, or targeted theft of high-end luxury vehicles.
- Third-Party Supply Chain Vulnerability: This incident highlights that a company’s security is only as strong as its least-secure vendor. Mercedes-Benz secured its own perimeter, but its sensitive data was allegedly exfiltrated via a trusted legal partner.
Mitigation Strategies
In response to this claim, Mercedes-Benz USA and its vendors must take immediate action:
- Immediate Financial Lockdown: Mercedes-Benz finance teams must freeze all payment method changes for vendors listed in the legal firm’s database. Verify any request to update banking details via a verbal confirmation with a known contact.
- Vendor Risk Audit: Conduct an immediate security audit of Burris & MacOmber and other external counsel. Ensure they adhere to strict data retention policies—legal firms should not be storing mass databases of customer PII longer than necessary for active litigation.
- Customer Notification: If confirmed, Mercedes-Benz must notify the affected vehicle owners. Warn them to be vigilant against “warranty expiration” scams or calls claiming to be from the legal department regarding their vehicle.
- Dark Web Monitoring: Deploy monitoring to detect if the “vendor banking details” or specific legal case files are being sold or shared in private fraud channels.
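The “Immediate Financial Lockdown” step above can be enforced as a gate in the vendor-master change workflow. The following is an added example, not Brinztech's or Mercedes-Benz's code; the `ChangeRequest` record, field names, vendor IDs and phone numbers are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

BANK_FIELDS = {"routing_number", "account_number"}

@dataclass
class ChangeRequest:
    """Hypothetical vendor-master change ticket raised by Accounts Payable."""
    vendor_id: str
    changed_fields: set
    callback_number: Optional[str] = None  # number AP actually dialled
    callback_confirmed: bool = False       # vendor verbally confirmed the change

def normalize_phone(number: str) -> str:
    """Keep digits only and compare on the last 10 (US numbers assumed)."""
    return "".join(ch for ch in number if ch.isdigit())[-10:]

def review(req, exposed_vendors, contacts_on_file, freeze_active=True):
    """Return (decision, reason) for one vendor change request."""
    if not (req.changed_fields & BANK_FIELDS):
        return ("ALLOW", "no banking fields changed")
    if freeze_active and req.vendor_id in exposed_vendors:
        return ("HOLD", "vendor appears in exposed dataset; bank changes frozen")
    on_file = contacts_on_file.get(req.vendor_id)
    if on_file is None:
        return ("HOLD", "no known contact on file")
    if not req.callback_confirmed or not req.callback_number:
        return ("HOLD", "verbal confirmation missing")
    # A number taken from the request itself is attacker-controlled in a BEC
    # attempt, so only a call to the pre-existing contact counts.
    if normalize_phone(req.callback_number) != normalize_phone(on_file):
        return ("HOLD", "callback used a number not on file")
    return ("ALLOW", "confirmed with known contact")

if __name__ == "__main__":
    # Constructed sample data; vendor IDs and 555-01xx numbers are fictitious.
    exposed = {"V-1001"}
    contacts = {"V-1001": "+1 (602) 555-0100", "V-2002": "602-555-0123"}
    requests = [
        ChangeRequest("V-1001", {"account_number"}, "602-555-0100", True),
        ChangeRequest("V-2002", {"account_number"}, "602-555-0199", True),
        ChangeRequest("V-2002", {"routing_number"}, "(602) 555-0123", True),
    ]
    for r in requests:
        print(r.vendor_id, *review(r, exposed, contacts))
```

Held requests go to manual review; once the freeze is lifted (`freeze_active=False`), vendors from the exposed list still have to pass the same known-contact callback check.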
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com