“A misconfigured server exposed the taxpayer identification numbers, or Cadastro de Pessoas Físicas (CPFs), for 120 million Brazilian nationals for an unknown period of time Before a Brazilian national can perform many tasks such as opening a bank account, creating a business, paying taxes, or getting a loan, they must first apply for a Cadastro de Pessoas Físicas. Similar to the U.S.A. Social Security Number, a CPF number become associated with an owner’s financial and personal information and is obviously a risk if they are publicly exposed. It is not known if any other researchers, or criminals, had discovered the data before it was taken offline. What is concerning is why data such as this was on a third-party server in the first place. ‘The major question here is how did this highly sensitive and confidential data go online on a third-party server in a flagrant violation of all possible security, compliance and privacy fundamentals? Who else has access to this data and its copies? A thorough investigation is required within the Brazilian government to determine who should bear the responsibility.’ stated Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge.”
Source: Taxpayer ID Numbers for 120 Million Brazilians Exposed Online