Back to Blog
high severity June 11, 2026 · scope unconfirmed

suppcenter.global / suppcentersa.com Listed by m3rx Ransomware Group

+506 40003397. SuppCenter Global Services officially positions itself as one of the leading Xcitium solution partners and providers in the Latin America region. Xcitium is the new name of COMODO’s enterprise business. Their key cybersecurity specialization is based on a threat prevention architecture that uses Xcitium Zero Trust and ZeroDwell technologies. Official partnership: SuppCenter Global acts as a managed security service provider, or MSSP. They implement, configure, and support Xcitium/Comodo security solutions for large businesses, retail companies, and the public sector. Stolen: --

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 11, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 11, 2026, the ransomware group m3rx added suppcenter.global and suppcentersa.com to its leak site, confirming that it had exfiltrated internal files from a Latin American managed security service provider that specializes in Xcitium (formerly Comodo) cybersecurity solutions.

Confirmed Facts from Public Reporting

Public reporting indicates that SuppCenter Global Services operates as an official Xcitium partner and MSSP across Latin America. The company implements, configures, and supports Xcitium Zero Trust and ZeroDwell technologies for large businesses, retail companies, and public-sector organizations. The m3rx leak site lists both domains and includes the Costa Rican phone number +506 40003397 associated with the firm. No specific victim count or list of stolen files has been published on the leak page. Available reporting describes the incident as a ransomware attack in which internal files were exfiltrated, though the precise volume and sensitivity of the data remain unclear at the time of writing.

Why This Matters for You and Your Family

When a cybersecurity service provider is breached, the ripple effects reach ordinary customers and their families. Many individuals and households rely on the same types of enterprise-grade tools that SuppCenter helps deploy. If internal files contained customer contact details, configuration data, or credentials, those records can quickly appear in other criminal marketplaces. Credential leaks like this one often cascade into account takeovers that start with email or remote-desktop access and spread to personal banking, health portals, and children’s online gaming accounts. Even if your name is not on any published list today, the exposure of a regional MSSP increases the chance that information tied to you or your family is already circulating among attackers who target everyday users.

The Doxxing and Identity-Chain Implications

Ransomware operators rarely stop at one dataset. Once internal files leave a company’s network, they are sorted, repackaged, and sold. A single email address or phone number found in those files can be linked to usernames on social media, gaming platforms, and shopping sites. Attackers then build an identity chain that connects your work email to your child’s Roblox or Fortnite account, your home address, and family photos. The result is doxxing that feels personal and persistent. Public reporting shows these chains frequently lead to harassment, SIM-swapping attempts, or demands for payment to prevent further leaks. Because SuppCenter serves both corporate and public-sector clients, ordinary families who interact with those organizations may find their data caught in the same net.

m3rx Group’s Publicly Known Track Record

Public reporting attributes m3rx with emerging in late 2024 as a ransomware-as-a-service operator. The group has claimed responsibility for attacks on a range of mid-sized businesses and service providers. Its typical playbook begins with initial access through compromised remote desktop credentials or phishing, followed by exfiltration of internal documents before encryption. Extortion follows a double-pressure model: demands are made to the victim company while stolen data is simultaneously prepared for publication on the group’s leak site if payment deadlines are missed. Exact prior victim lists fluctuate, but available reporting consistently describes m3rx as opportunistic, focusing on organizations whose data might hold value to both direct victims and secondary buyers on criminal forums.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real-world identity so you can see exactly what an attacker could piece together from this breach.
  • Rotate any password you used at suppcenter.global or suppcentersa.com anywhere else it is reused, then switch on 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information surfaces you learn within hours instead of months.
  • Cover the household with DoxxScan family protection that extends to your children’s gaming accounts, which are often the weakest link in an identity chain that leads back to your home address.
  • Let remediation specialists handle the follow-up work of submitting takedown requests to data brokers and monitoring platforms where your family’s details may already be listed for sale.

The incident underscores a simple reality: data stolen from a cybersecurity provider can still endanger your family’s day-to-day digital life. Starting with a clear picture of your exposure and maintaining ongoing visibility is the most practical defense. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects scattered handles to real identities, and hands-on remediation by specialists who manage takedowns for you. Its household coverage also protects children’s gaming accounts that frequently become entry points for larger doxxing campaigns. One forward-looking step today can prevent weeks of stress tomorrow.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.