Top Mexican fintech firm leaks details on 1.6 million customers

News
By published

Another day, another misconfigured database

Businessman holding a magnifier and searching for a hacker within a business team.
(Image credit: Shutterstock)
  • Resaearchers uncover large database during routine analysis of available indexes
  • Database held sensitive data on more than 1.6 million Kapital customers
  • Company is still yet to close the archive

A Mexican fintech startup has been found holding a large database full of sensitive customer data wide open on the internet, available for anyone who knows where to look.

Security researchers from Cybernews found the database in early September 2024 after a routine investigation of publicly available indexes.

The database, belonging to a company called Kapital, contained sensitive data on 1.6 million Mexicans, including voter IDs and selfies.

Database still available online

Mexico City-based Kapital specializes in serving small and medium-sized businesses (SMB) with limited access to bank credit, providing different financial services, such as credit cards, or loans, and counts roughly 80,000 customers in the region, according to Fintech Nexus.

“The documents are integral to voting, identity verification, and accessing various services. Their exposure compromises individuals' immediate safety and privacy and can have negative financial consequences," the Cybernews team noted in its writeup.

When it comes to financial consequences, it was explained that the data can be used in wire fraud, identity theft, and similar money-related crime: “Threat actors can easily obtain and misuse sensitive information for identity theft. Criminals might attempt to create fraudulent accounts or gain unauthorized access to existing ones,” the researchers warned. “Financial fraud could lead to substantial monetary loss and damaged credit scores.”

To make matters worse, Kapital doesn’t seem to care much. Cybernews claims to have reached out “dozens” of times, to no avail. The country’s Computer Emergency Response Team (CERT) was also notified. However, by the time the researchers published their report, which was on November 6, the database was still up and running, three months after initial discovery.

Misconfigured cloud databases continue being one of the key causes of data breaches and leaks, exposing millions of customer records every month.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Security padlock and circuit board to protect data
Mexican fintech company Miio exposed millions of files of sensitive customer data
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
This widely-used instant loan app leaks nearly 30 million files of user data
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Data leak
Popular online bill paying site leaks data of thousands of users
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Data leak
Top collectibles site leaks personal data of nearly a million users
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
Google Pixel 9
The Google Pixel 10 just showed up in Android code – and may come with a useful speed boost
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
MSI Roamii BE Lite

I reviewed the MSI Roamii BE Lite – it's affordable Wi-Fi 7, but there's a catch
See more latest
Most Popular
Vinpower iXFlash and iXFlash Cube
This tiny 2TB USB Flash drive can both charge and backup your iPhone at the same time
Compal Adapt X modular laptop
One of the largest laptop manufacturers releases concept pictures of Adapt X, a modular laptop in the same vein as Framework
Anycubic foldable portable 3D printer
Anycubic may launch this gorgeous foldable portable 3D printer any day soon, and I can't wait to try it out
HP Fury G1i 18"
'2-inches gets you 30% more screen': HP is pitching 18-inch laptop as the best new thing in tech
Framework Desktop
Framework's Desktop is selling like hot cakes; Ryzen Max+ 395, Max 383 batches are sold out with next shipment in Q3
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
A person using a smartphone with an ecommerce website showing on a laptop.
Consumers are warming up to AI assistants, survey finds - 1/3 of us would allow AI to make purchases