Bankingly leaks data from seven financial institutions in Latin America

The data leak was linked to Bankingly, a fintech platform that offers web services and mobile applications to financial institutions in Latin America. The firm mostly serves small and medium-sized financial institutions, including banks, credit unions, and microfinance organisations, with the majority of them being located in rural areas across the region. It is believed that Bankingly leveraged storage buckets to store customer data, including personal information and account details, to offer software solutions to financial institutions. The information that was leaked includes full names, financial applications usernames, email addresses, and personal and work phone numbers.

As per the information provided, the financial institutions that were affected by the leak include La Cooperativa de Ahorro y Crédito Abierta “San Martín de Porres”, Asociación La Nacional de Ahorros y Préstamos, Caja Buenos Aires, Caja Mitras, Coac Puellaro, Credecoop, and AMC. In addition to causing reputational harm to the aforementioned financial institutions, the leaked information poses several risks for affected individuals. Despite not being enough for cybercriminals to directly make financial transactions such as applying for loans or opening new bank accounts, the information can be used for phishing or social engineering attacks. Criminals can leverage the leaked data to craft phishing emails that seem to originate from the victim’s financial services provider or call impersonating the bank employee, intending to deceive individuals into disclosing further personal information or login credentials.

When contacted by Cybernews, Bankingly mentioned that the data in the buckets had been secured. However, the company did not respond to the request for comment and neither did the affected financial organisations.

Source: Link