More than 10,000 Brazilians had their personal and financial data exposed on the internet between December 2020 and February this year. The information is from specialists at vpnMentor, a group focused on digital security, which found the breach on an Amazon server and which contained records of Prisma Promotora customers. The finance company operates in 19 Brazilian states and has clients such as Renault, BV Financeira and Banco Safra.
According to the group, about 717 thousand files and approximately 570 GB of data were unprotected. The files had full names, e-mails, CNPJs, dates of birth and personal or work addresses, copies of documents with photo and credit, debit or savings cards. The data were in Excel spreadsheets that Prisma Promotora used to register customers.
Experts have reported that the unprotected data on Amazon Web Services actually belongs to an organizational management company. Prisma Promotora would be a client of the company and had no control or knowledge over the exposed data.
The spreadsheets also exposed information such as vehicle records, criminal record certificates and recordings with the record of negotiations carried out between customers and the finance company. In addition to the two thousand spreadsheets, more than 105 thousand audio files were available, which recorded requests for loans or financing, involving information such as bank details, collection codes, among others.
It is not yet known how long the information was available. The vulnerable platform was closed on February 14, with no explanation from the financial company.
If the breach was identified by individuals with dubious intentions while it was still available, there is a high chance that the data will be used in fraud, extortion or identity theft. To prevent this, it is essential that companies notify customers and partners. People who have had their data leaked need to be extra careful when receiving messages from unknown numbers via SMS or WhatsApp, asking for financial or identification information.