Brazilian Financial Service Exposed 250GB Of Local Banks’ Customers Data Via Unsecured Server

Another huge data leak incident comes up this time affecting Brazilian customers. A Brazilian financial service exposed massive customer records belonging to various local banks. The leaked data sums up to whopping 250GB.

Brazilian Financial Service Exposed Data

Reportedly, a Brazilian financial service has exposed huge records on an unprotected server. The data allegedly belongs to customers of numerous local banks with a sizeable chunk relating to Banco Pan.

As revealed in a ZDNet report, the exact number of customers affected by this incident remains undetermined. However, the size of leaked records making up to 250GB suffices to hint the extent of the breach.

The news first surfaced online after a Brazilian website The Hack reported the leak. Allegedly, the security researchers Data Group found the leak that exposed a massive amount of data containing sensitive information.

Regarding the exposed information, ZDNet reported,

Exposed personal data includes scanned ID and social security cards, as well as documents provided as proof of address and service request forms filled out by customers based in the capital city of Fortaleza, in the Brazilian state of Ceará.

Banco Pan To Be The Major Victim

This data exposure incident affected numerous banks as the leaked data include their customers’ details. However, as per the findings, the Brazilian commercial bank ‘Banco Pan’ seems the major victim. As stated by ZDNet,

Even though the incident is linked to more than one bank, a sizeable chunk of the documentation exposed relates to local firm Banco Pan.

Nonetheless, the Banco Pan, in its statement, assured no cybersecurity incident hit them. Rather the unsecured server exposing the said data belongs to some commercial partner.

After careful analysis of its security systems accompanied by independent consultancy, it has become evident that the server is not owned by Pan and that no intrusion into the bank’s infrastructure has been found.

They also believe that the service owning the leaky server supposedly deals with loan services to pensioners, considering the leaked documents.

However, the bank assures to take appropriate security measures in case of any misuse of the data.

For now, the actual owner of the leaky server remains unnamed.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients