Brazilian Financial Service Exposed 250GB of Local Banks’ Customer Data via Unsecured Server (Jul 28, 2019)
An unsecured server owned by an unnamed Brazilian financial service provider and containing approximately 250GB of data has been identified, according to Data Group researchers. The data consisted of Personally Identifiable Information (PII) including scanned ID cards, social security numbers, and documents related to proof of address and service request forms. Researchers found that a majority of the data belonged to customers of Banco Pan, and the bank has stated that the server and the information is managed by a commercial partner in response.
Recommendation: The exposure of Personally Identifiable Information (PII) requires affected individuals to take precautionary measures to protect their identity and their finances. Identity theft services can assist in preventing illicit purchases, or applying for financial services from taking place by actors using stolen data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.