close
close
news

Latin American clients left exposed due to Bankingly’s data leak

Digital banking platform Bankingly has leaked data from seven financial institutions across Central and South America, which left clients exposed to phishing and social engineering attacks.

Back in May 2024, Cybernews’ research team identified seven Azure Blob Storage buckets without appropriate authentication methods in place, with the misconfiguration leading to exposing the personal information of approximately 135,000 clients across Latin America to anyone online. Individuals located across the Dominican Republic, Mexico, Ecuador, El Salvador, Bolivia, and Costa Rica were impacted, however, the majority of the victims, nearly 100,000 people, were from the Dominican Republic.

Further details on the data leak

The data leak was linked to Bankingly, a fintech platform that offers web services and mobile applications to financial institutions in Latin America. The firm mostly serves small and medium-sized financial institutions, including banks, credit unions, and microfinance organizations, with the majority of them being located in rural areas across the region. It is believed that Bankingly leveraged storage buckets to store customer data, including personal information and account details, to offer software solutions to financial institutions. The information that was leaked includes full names, financial applications usernames, email addresses, and personal and work phone numbers.

As per the information provided, the financial institutions that were affected by the leak include La Cooperativa de Ahorro y Crédito Abierta “San Martín de Porres”, Asociación La Nacional de Ahorros y Préstamos, Caja Buenos Aires, Caja Mitras, Coac Puellaro, Credecoop, and AMC. In addition to causing reputational harm to the aforementioned financial institutions, the leaked information poses several risks for affected individuals. Despite not being enough for cybercriminals to directly make financial transactions such as applying for loans or opening new bank accounts, the information can be used for phishing or social engineering attacks. Criminals can leverage the leaked data to craft phishing emails that seem to originate from the victim’s financial services provider or call impersonating the bank employee, intending to deceive individuals into disclosing further personal information or login credentials.

When contacted by Cybernews, Bankingly mentioned that the data in the buckets had been secured. However, the company did not respond to the request for comment and neither did the affected financial organizations.

Related Articles

Back to top button