Chilean financial giant Caja Los Andes leaks data of 10M customers
Take action: Don't succumb to data greed, it's too easy for the data to be leaked online and cause huge problems. Also be very mindful of your data store accessibility - nothing should be accessible on the public internet unless properly secured and locked down.
Learn More
Cybersecurity researchers revealed that the data of 10 million Chilean citizens was exposed due to a leak associated with Caja Los Andes, a leading Family Allowance Compensation firm in Chile. The organization provides a range of services, including health insurance, loans, mortgages, and pension funds, and has approximately four million members as of 2023.
The leaked dataset contained information for more than double that number, indicating that the data likely includes family members, former members, or even deceased individuals - which indicates poor data retention discipline and even data greed, collecting data that was not needed for services "just in case".
The leak of the Apache Cassandra database was reportedly due to a lack of authentication.
The data leak resulted from an Apache Cassandra database publicly accessible on the internet without authentication. The compromised data includes:
- Names
- Home addresses
- Financial details
- Email addresses
Chile’s data protection laws stipulate heavy penalties for companies responsible for such breaches, with fines that could reach up to 4% of the firm’s annual income. Caja Los Andes may also face substantial lawsuits from those affected.
