Brazillian bank named Banco Pan is at the center of the biggest controversy of its history when it was involved with the release of 250GB worth of their customers’ data to the public. The unprotected server in question is not yet identified at the time of this writing, but it hosts data not only for Banco Pan but with other banks as well. Banco Pan was highlighted, as a huge chunk of the lost data is from their customers. But security researchers got a hold of the information that the stolen records reaching 250GB are floating on the Internet. According to initial reports, the following user information includes:
- Scanned ID
- Residential/mailing address
- Full name
- All information asked in the customer information sheet
- Digital copies of Social security cards (which includes more information such as the place of birth, birthdate and contribution records)
“After careful analysis of its security systems accompanied by independent consultancy, it has become evident that the server is not owned by Pan and that no intrusion into the bank’s infrastructure has been found. [Pan] will take appropriate measures if any misuse of this [personal] data is identified,” explained representative of Banco Pan.
The unnamed 3rd-party service is blamed for the leak, data protection seems to be absent, but exact details on how it occurred, when it exactly happened and other circumstances of the case are still not known. The exact number of affected customers is also still unknown, Banco Pan remains secretive about the data leak when it comes to their customers, even in a period that they require information from the bank.
As this is a developing story, Thethreatreport.com will try to follow-up this article with a new one that may hopefully contain more details.