The Mexican company OSSC Mexico, founded in 2008 and headquartered in Zapopan, Jalisco, is in a complicated situation due to a recent hacker attack called LockBit. This company specializes in technological solutions for payroll management through its software GIRO, which is used by various companies in Mexico for managing their salary payments and deductions.
One of the main risks facing OSSC Mexico after this cyberattack is the exposure of confidential data of its clients, which include companies like Tequila Clase Azul, Sirloin Stockade, Global Gas, Frutti Queko, Muñoz Corporativo, Grupo Fábricas Selectas, DLC Corporativo, and Canadian School. This information leak could have serious consequences, such as financial fraud, extortion, and phishing attacks, as hackers have gained access to payroll receipts, bank data, employment contracts, personal credentials, among other sensitive data.
Víctor Ruiz, a certified cybersecurity instructor and founder of SILIKNOSSC Mexico, mentioned that this type of cyberattack has an impact beyond the affected company, as a trend has been observed where attackers focus on companies that provide services used by multiple organizations. Ruiz warns that hackers could use the stolen information to impersonate employees and carry out fraudulent activities in the name of the compromised company.
The screenshots leaked by LockBit reveal the extent of the cyberattack on OSSC Mexico, exposing confidential information such as payroll receipts with RFC, CURP, salaries, deductions, employment contracts, internal HR reports, INE credentials, and birth certificates. This compromised data represents a significant risk for employees, as they could fall victim to identity theft, extortion, and financial fraud.
In summary, this cyberattack on OSSC Mexico jeopardizes the financial and personal security of hundreds or thousands of workers in Mexico, who may face severe consequences arising from the exposure of confidential information. The affected company and its clients find themselves in a vulnerable situation against such threats, highlighting the importance of strengthening cybersecurity measures to prevent future incidents.
