Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Government-level personal data leaked across seven countries

Misconfigured databases put millions at risk of identity theft and fraud

byKerem Gülen
September 5, 2025
in Cybersecurity
Home News Cybersecurity

Security researchers at Cybernews have identified three misconfigured servers holding personal data on more than 250 million individuals. The exposed information, including government-level identity profiles, originated from databases located in Brazil and the United Arab Emirates. This data leak placed a substantial number of people at risk of various cybercrimes.

The compromised data affected individuals across seven countries: Turkey, Egypt, South Africa, Saudi Arabia, the United Arab Emirates, Mexico, and Canada. Those in Turkey, Egypt, and South Africa experienced the most extensive data loss, described as “full-spectrum” data exposure. The leaked information encompassed ID numbers, dates of birth, contact details, and home addresses.

Despite the discovery of the misconfigured servers, Cybernews researchers were unable to definitively identify the database owners. Analysis of the data structures, however, suggested the possibility that a single entity operated all three servers. As Cybernews stated, “It’s likely that these databases were operated by a single party, due to the similar data structures, but there’s no attribution as to who controlled the data, or any hard links proving that these instances belonged to the same party.”

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

The structure of the leaked data pointed towards what the researchers described as “government-level identity profiles.” This characterization suggests a high level of detail and comprehensiveness in the exposed personal information.

Upon discovering the vulnerability, Cybernews contacted the hosting providers to secure the exposed data. The hosting providers responded by locking down the archives, preventing further unauthorized access. The exact duration the databases remained unlocked prior to this intervention remains unknown, raising concerns about potential prior access by malicious actors.

The potential consequences of this data leak are significant. The leaked information can be exploited for various cybercrimes, including identity theft, wire fraud, phishing, and social engineering. Threat actors could impersonate victims to open fraudulent bank accounts, obtain unauthorized loans, or file illegitimate tax returns. Furthermore, the data could be used to craft highly convincing phishing emails, increasing the likelihood of successful credential theft and subsequent access to sensitive business accounts.

The incident underscores the persistent risk posed by misconfigured databases. These types of misconfigurations remain a leading cause of data leaks across web and cloud environments, highlighting the need for robust security measures and diligent monitoring to prevent unauthorized access to sensitive information.


Featured image credit

Tags: CybersecurityFeatured

Related Posts

Texas Attorney General files lawsuit over the PowerSchool data breach

Texas Attorney General files lawsuit over the PowerSchool data breach

September 5, 2025
LunaLock ransomware hits artists/clients with AI training threat

LunaLock ransomware hits artists/clients with AI training threat

September 5, 2025
GWI: Gen Z lacks cybersecurity awareness vs boomers

GWI: Gen Z lacks cybersecurity awareness vs boomers

September 5, 2025
Browser attacks target third-party apps like Salesforce

Browser attacks target third-party apps like Salesforce

September 5, 2025
ShinyHunters uses vishing to breach Salesforce data

ShinyHunters uses vishing to breach Salesforce data

September 3, 2025
Zscaler: Salesloft Drift breach exposed customer data

Zscaler: Salesloft Drift breach exposed customer data

September 2, 2025

LATEST NEWS

Texas Attorney General files lawsuit over the PowerSchool data breach

iPhone 17 Pro is expected to arrive with 48mp telephoto, variable aperture expected

AI chatbots spread false info in 1 of 3 responses

OpenAI to mass produce custom AI chip with Broadcom in 2025

When two Mark Zuckerbergs collide

Deepmind finds RAG limit with fixed-size embeddings

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.