Top menu

Russian microfinance organization leaked personal information of more than 35K customers

Russian microfinance organization leaked personal information - Data Leakage Prevention by DeviceLock DLP

A microfinance organization “Zaymograd” from the Murmansk region of Russia has leaked personal information for at least 36,763 people who had signed up online to receive instant micro loans.

The leaked data included names, passport IDs, and their home addresses.

Anyone with Internet access could enumerate publicly accessible URLs at the organization’s website and receive this personally identifiable information (PII) of their customers.

Anyone could enumerate URLs and receive personally identifiable information - Data Leakage Prevention by DeviceLock DLP

The information about the misconfigured web server became available on some dark web resources on December 17th.

The microfinance organization was informed, but private customers’ data appears to still be freely available to download.