ADVERTISEMENT

Portuguese bank exposes client data, raising fears of account hijacking

Extremely sensitive data has been leaked from Banco Portugues de Gestao due to a misconfiguration on the bank’s service providers systems, which could have led to unauthorized money transfers.

nearsoft

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Jun 19, 2024 Updated: 8 December 2025 2 min read
  • Bank account numbers
  • IBAN numbers
  • Account balances
  • KYC documents
  • ID card numbers, including citizen ID numbers
  • Email addresses
  • Phone numbers
  • Taxpayer numbers
  • Names
  • Places of employment
  • Occupation
  • Marital status
  • Dates of birth
  • Home addresses
  • Answers to security questions
  • Authentication secrets
  • Internet banking session tokens
Banco Portugues de Gestao
KYC documents sent by email - base64 encoded PDF
KYC document decoded from base64
KYC document decoded from base64
ADVERTISEMENT
KYC document decoded from base64
KYC document decoded from base64
Account onboarding information, including email, phone number, Citizen ID, Name
Account onboarding information, including email, phone number, Citizen ID, Name
Authentication tokens, Account balances
Authentication tokens, Account balances
Banco Portugues de Gestao
Internet Banking session token, private customer information, customer manager information, and answers to security questions.

The risks of using third-party providers

  • Banco Portuguese de Gestao
  • First Capital Bank
  • Caixa
  • Fondation Ondjyla
  • Banco Interatlanctico
  • dnoticias.pt
  • Unitel
  • Caixa Angola
  • IMDM
  • Regiao Autonoma de Madeira
  • Horarios de Funchal
  • Seiva
  • BancoKeve
  • Bai Cabo Verde
ADVERTISEMENT