• Brazilian IT services and business process outsourcing provider Tivit suffered a breach that comprised its clients’ data.
  • Tivit confirmed that nine of its employees fell for an email phishing attack last week.

Brazilian IT solutions firm Tivit suffered a data breach that exposed its clients’ credentials online. This incident involved data from 19 other companies including kitchen appliances company Faber, Swiss insurance company Zurich, Brazilian financial institution Banco Original, software firm SAP and more.

Security company Defcon Lab discovered that various databases and cloud servers of Tivit were compromised.

“There are almost a thousand lines of code that appear to contain internal company routines, as well as access credentials of different large enterprise customers,” Defcon Lab said. “The data seemed to be internal process documentation of the company itself, and its uncertain whether they were the product of an offensive action or published involuntarily by misunderstanding.”

What does Tivit have to say?

Tivit confirmed to ZDNet that nine of its employees fell for an email phishing attack last week. This allowed the attackers to gain access to the databases stored in their systems. However, the company confirmed that neither its datacenters nor client networks were infiltrated. The firm also said that the incident was limited only to the computers used by the nine employees that had been targeted by the phishing attack.

"We have been dealing with this issue as a matter of high priority and have hired external legal and IT support to ensure that all measures are in place to prevent that from happening again," Tivit said.

Cyware Publisher