Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the alleged sale of a database belonging to a Colombian HR Payroll company. The dataset is being offered for a notably low price of $460, suggesting a potential “fire sale” or a desire for quick monetization by an Initial Access Broker (IAB) or data reseller.
While the specific company name is not disclosed in the initial public listing (often withheld to force direct contact or prevent immediate patching), the description indicates a comprehensive compromise of a third-party service provider.
The Data: The leaked dataset is described as a “fullz” package for employees, containing:
- Identity Data: National IDs (Cédula de Ciudadanía), Full Names, Addresses.
- Financial Data: Salary details, Bank Account numbers, and payment history.
- Sensitive HR Data: Health (EPS) and Pension (AFP) affiliations, employment history, and even Family Names (beneficiaries).
Context: This incident aligns with a broader surge in cyberattacks targeting Latin American infrastructure in 2024-2025. Recent reports have highlighted attacks on Colombia’s National Navy (Armada Nacional) and other public sector entities (like the immigration database breach reported in October 2025), indicating a sustained campaign against the region’s data aggregators.
Key Cybersecurity Insights
This alleged data breach presents a critical and immediate threat:
- Supply Chain / Third-Party Risk: This is the primary danger. As an HR/Payroll provider, the victim company holds the data of multiple client organizations. A single breach here cascades into a data leak for every company using their payroll services, bypassing the clients’ own internal defenses.
- High Risk of Targeted Financial Fraud: The combination of salary history and bank account details is a goldmine for fraud. Attackers can use this to craft highly convincing Business Email Compromise (BEC) attacks (e.g., diverting payroll to a new account) or apply for fraudulent loans using the victim’s real financial profile.
- Social Engineering & Extortion: The inclusion of Family Names and health/pension data allows for aggressive social engineering attacks targeting the employees’ families or leveraging sensitive health status for extortion.
- Regulatory Liability (Law 1581): This breach is a direct violation of Colombia’s Statutory Law 1581 of 2012 (Personal Data Protection Law). The exposed data falls under “sensitive data” categories. The responsible entity faces fines of up to 2,000 minimum monthly wages (approx. $500k USD) and potential operational suspension by the Superintendence of Industry and Commerce (SIC).
Mitigation Strategies
In response to this claim, Colombian organizations using third-party payroll providers must take immediate action:
- Immediate Vendor Audit: HR and IT directors must urgently verify if their payroll provider is the victim. If confirmed, demand a full forensic report and timeline of the exposure.
- Employee Notification & Monitoring: Affected organizations must notify employees immediately (as per Law 1581) and advise them to monitor their bank accounts for unauthorized activity and be vigilant against calls/emails referencing their salary or benefits.
- Implement “Payroll Hygiene”: Review the data minimization policies with vendors. Does the payroll provider need to store historical family data or past bank accounts? Reducing the data footprint reduces the risk.
- Enhanced BEC Detection: Security teams should tune their email gateways to flag any communications appearing to come from the HR provider or requesting changes to direct deposit information.
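The gateway tuning described in the last point, as an added example that is not part of the original post: a small triage rule that inspects one message for the indicators a payroll-diversion BEC typically combines (provider name in the display name but a foreign sending domain, a lookalike domain, a Reply-To pointing elsewhere, and a request to change bank or direct deposit details). The provider domain and both sample messages are constructed placeholders, and the lookalike check uses a simple difflib similarity ratio rather than a production homoglyph engine.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed legitimate vendor domain (placeholder); a deployment loads this from config.
PROVIDER_DOMAIN = "payroll-provider.example"
PROVIDER_KEYWORDS = ("payroll-provider", "nomina")

# Phrases a payroll-diversion request typically contains (English and Spanish).
BANK_CHANGE = re.compile(r"(direct deposit|bank account|cuenta bancaria|n[uú]mero de cuenta)"
                         r".{0,80}?(chang|updat|new|cambi|actualiz|nuev)", re.I | re.S)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage_email(raw: str) -> list[str]:
    """Return the BEC indicators found in one RFC 822 message (empty list = clean)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    findings = []
    # 1. Display name invokes the provider, but the sending domain is not the provider's.
    if any(k in name.lower() for k in PROVIDER_KEYWORDS) and from_domain != PROVIDER_DOMAIN:
        findings.append("display-name impersonation of payroll provider")
    # 2. Lookalike domain: visually close to the vendor domain (difflib similarity).
    if from_domain != PROVIDER_DOMAIN and \
            difflib.SequenceMatcher(None, from_domain, PROVIDER_DOMAIN).ratio() >= 0.85:
        findings.append(f"lookalike sender domain: {from_domain}")
    # 3. Reply-To steers responses to a domain other than the From domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_domain:
        findings.append("Reply-To domain differs from From domain")
    # 4. Subject or body asks to change where salary is deposited.
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    if BANK_CHANGE.search(text):
        findings.append("request to change direct deposit / bank account")
    return findings


# Constructed sample messages (not real traffic).
LEGIT = ("From: Payroll-Provider Notices <noreply@payroll-provider.example>\n"
         "Subject: Your November payslip is available\n\n"
         "Log in to the portal to download your payslip.\n")
BEC = ("From: Payroll-Provider Support <support@payrol1-provider.example>\n"
       "Reply-To: hr-desk@webmail.example\n"
       "Subject: Urgent: direct deposit update\n\n"
       "Hola, please update my direct deposit to the new account 0123-4567 before Friday.\n")
```

A single indicator (for instance a genuine Reply-To to a ticketing system) is weak on its own; route messages with two or more findings, or any finding plus a bank-change request, to manual review rather than blocking outright.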
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com