The data leak involved Bankingly, a fintech platform that provides web services and mobile applications to financial institutions in Latin America. The company primarily serves small and medium-sized financial institutions like banks, credit unions, and microfinance organizations, mainly located in rural areas. Bankingly is believed to have used storage buckets to store customer information, including personal data and account details, for offering software solutions to these financial institutions. The exposed information includes full names, usernames for financial applications, email addresses, as well as both personal and work phone numbers.

According to the details provided, affected financial institutions include La Cooperativa de Ahorro y Crédito Abierta “San Martín de Porres”, Asociación La Nacional de Ahorros y Préstamos, Caja Buenos Aires, Caja Mitras, Coac Puellaro, Credecoop, and AMC. The leak not only caused reputational damage to these financial institutions but also posed significant risks for the individuals whose data was compromised. While it may not be sufficient for cybercriminals to directly perform actions like applying for loans or opening new bank accounts, the leaked information can still be used in phishing or social engineering attacks. Criminals could use this data to send convincing phishing emails that appear to come from the victim’s financial service provider or to make fraudulent calls impersonating a bank employee with the goal of tricking individuals into divulging additional personal information or login credentials.

When Cybernews reached out to Bankingly, they stated that the data in the buckets was secured. However, neither Bankingly nor the affected financial institutions responded to further inquiries for comments.