Full names, contact details, and addresses.
Misconfigured Google Cloud Storage bucket ( ciee-storage.storage.googleapis.com ). Scale: Over 364,000 files, ~28 GB of data. 486k_brazil.txt
Data breaches in Latin America have risen in frequency, with Brazil being a primary target. The 2025 CIEE incident exemplifies the risks associated with misconfigured cloud services ("cloud storage misconfigurations"). This incident was characterized by the exposure of "legacy data" and active PII, allowing unauthorized access without authentication. 2. Incident Overview and Methodology Full names, contact details, and addresses
This paper outlines the findings regarding a major data breach involving CIEE, a prominent Brazilian organization focused on student integration into the workforce. In July 2025, security researchers identified a publicly accessible Google Cloud Storage bucket containing approximately 28 GB of data, including over 248,725 records (initially) of PII (Personally Identifiable Information). The breach exposed highly sensitive information, including Brazilian CPF identifiers, medical reports, and internal records, with a potential exposure count increasing upon deeper investigation. 1. Introduction Data breaches in Latin America have risen in
Regularly verify that cloud buckets (AWS S3, Google Cloud Storage) are not set to "public" by default.
Scans and reports, which are protected under strict data privacy regulations (LGPD in Brazil).
The exposed data posed a severe risk to victims due to its detailed nature. The contents included: