
Mexico & USA
Logistics
Data for Sale
Logistics Conglomerate Grupo ATC Data Offered for Sale After Ransom Refused
A threat actor using the alias Straightonumberone is selling what they describe as data stolen from Grupo ATC, a Mexican logistics conglomerate (comprising TLE, TLEA, and PHES), for $1,000 after a ransom negotiation reportedly failed. The listing claims 23 databases, over 340GB, and more than 2 billion rows, and says it includes employee PII (names, emails, phones, RFC, bank accounts, and CLABE), credentials and tokens (OAuth2, JWT, SFTP and API credentials, cleartext passwords, and password hashes), intercepted business emails, GPS and freight-routing data, and internal infrastructure details. The seller names major automotive and industrial partners (including Ford, Toyota, Tesla, General Motors, and Stellantis) whose data is said to be in the set. The claim is unverified.


Allegedly included
- 23 databases, 340+ GB
- Employee PII (RFC, bank, CLABE)
- Credentials & tokens (OAuth2/JWT)
- Cleartext passwords & hashes
- SFTP / API credentials & keys
- Intercepted business emails
- GPS & freight routing data
- Internal infrastructure details
Potential impact
If genuine, the exposure of credentials and tokens (OAuth2, JWT, SFTP, and API keys) alongside cleartext passwords would allow direct access to systems, while employee PII including Mexican RFC identifiers, bank account numbers, and CLABE enables financial fraud and identity theft. Because Grupo ATC is a logistics provider to major automotive and industrial firms, the seller frames the data as useful for spear-phishing and gaining initial access to those partners, giving it a supply-chain dimension. The seller says the files were encrypted and a ransom negotiation failed before the data was leaked. The claim is not verified, and no data or contact details are reproduced here.
Status
Unverified. This is a sale listing; the seller says a ransom negotiation failed and the encrypted files are now being leaked and offered for sale, with samples gated behind the forum. No samples, credentials, or the seller's contact channels are reproduced here. The claim is unverified and Grupo ATC has not publicly addressed it.
DARK WEB INFORMER - THREAT INTELLIGENCE