- 2.9 million files from fintech Miio found exposed online
- Investigators say the information has been unprotected for months.
- The company has yet to respond to the disclosure notice.
Cybersecurity researchers have claimed that financial technology company Miio, which offers mobile telecommunications and financial services to customers in Mexico, has suffered a massive data breach, exposing up to three million Know Your Customer (KYC) files.
Cybernews’ findings say the files were reportedly unprotected for at least several months and contained files dating back to 2017, when the company was founded. This strongly suggests that all Miio customers were affected, with 2.9 million scans of various KYC documents found, including passports and IDs, driver’s licenses and customer photographs.
There is no evidence yet that malicious actors accessed the data, but since the researchers were able to access it, it is likely that others did as well. Government-issued IDs are incredibly valuable to attackers as they can facilitate identity theft and fraud.
Unconscious or unwilling
Investigators discovered the leak on September 12, 2024, the initial disclosure notice was sent on October 2, and the storage warehouse has been open for at least three months. Investigators’ attempts to reach out have been “met with silence.”
If KYC documents fall into the wrong hands, attackers could open bank accounts, apply for loans, or take out credit cards in the victim’s name.
With the type of identification documents found and customer selfies for verification, researchers warn that this could allow hackers to take over existing customer accounts, so victims should be very alert in the coming years. months.
“In the context of Miio’s role as a telecommunications bank serving a broad customer base, such a breach would undermine confidence in its ability to safeguard sensitive data, exposing its users to serious financial and personal risks,” they said. the researchers.
