486k_brazil.txt

This paper outlines the findings regarding a major data breach involving CIEE, a prominent Brazilian organization focused on student integration into the workforce. In July 2025, security researchers identified a publicly accessible Google Cloud Storage bucket containing approximately 28 GB of data, including over 248,725 records (initially) of PII (Personally Identifiable Information). The breach exposed highly sensitive information, including Brazilian CPF identifiers, medical reports, and internal records, with a potential exposure count increasing upon deeper investigation. 1. Introduction

The breach allows threat actors to perform identity theft, phishing campaigns, and extortion targeting the individuals affected. The exposure of medical records specifically increases the risk of spear-phishing and blackmail. Additionally, CIEE faced potential legal repercussions under Brazil’s Lei Geral de Proteção de Dados (LGPD) for failure to secure user data. 5. Security Recommendations 486k_brazil.txt

Full names, contact details, and addresses. This paper outlines the findings regarding a major

Regularly verify that cloud buckets (AWS S3, Google Cloud Storage) are not set to "public" by default. including over 248