Mexican fintech company Miio exposed millions of files of sensitive customer data

Security padlock and circuit board to protect data

(Image credit: Getty Images)

2.9 million files from fintech firm Miio have been found exposed online
Researchers say the information has been unguarded for months
The company is yet to respond to the disclosure notice

Cybersecurity researchers have claimed financial technology firm Miio, which offers mobile telecoms and financial services to customers in Mexico, has suffered a huge data leak, exposing up to three million Know Your Customer (KYC) files.

Findings from Cybernews say the files were reportedly unguarded for at least several months, and contained files dating back to 2017, when the company was started. This strongly suggests that all Miio customers were impacted, with 2.9 million scans of various KYC documents found, including passports and IDs, driver’s licenses, and customer pictures.

There’s no evidence yet that malicious actors accessed the data, but since researchers were able to access it, it's probable others have too. Government issued identifications are incredibly valuable to attackers, since they can facilitate identity theft and fraud.

Unaware or unwilling

The researchers discovered the leak on September 12, 2024, and initial disclosure notice was sent on October 2, and the storage bucket has now been open for at least three months. Researcher’s attempts to reach out have been ‘met with silence’.

If the KYC documents have fallen into the wrong hands, attackers could open bank accounts, apply for loans, or take out credit cards in the victim’s names.

With the type of ID documents found and the customer selfies for verification, researchers warn that this could enable hackers to take over existing customer accounts, so victims should be ultra-vigilant in the coming months.

“In the context of Miio’s role as a telcobank serving a wide base of customers, such a leak would undermine trust in their ability to safeguard sensitive data, exposing their users to severe financial and personal risks,” the researchers said.

Check out our list of the best firewall software around today
US state sues T-Mobile over 2021 data breach which leaked data of millions
We've also rounded up the best antivirus on offer right now

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.