Mexican fintech firm’s data exposed by unresolved misconfiguration

Cybernews reports that Mexican financial services and affordable phone plan provider Miio had 2.9 million files containing Know Your Customer documents collected between 2017 and 2024 exposed by a misconfigured cloud storage bucket, potentially impacting all of its customers.

Included in the leaked files were individuals' IDs, passports, driver's licenses, voter IDs, and selfies, according to Cybernews researchers. "In the context of Miio’s role as a telcobank serving a wide base of customers, such a leak would undermine trust in their ability to safeguard sensitive data, exposing their users to severe financial and personal risks," researchers said. Despite the potential risk of illicit activity stemming from such data exposure, Miio has yet to close the unsecured bucket three months after being informed by researchers, who also noted that their November alert to Mexico's Computer Emergency Response Team has not yet been acknowledged.